Joel M. Halpern wrote:
As far as I can tell, most of what is being asked for here has little,
if anything, to do with NAT. To paraphrase:
If we are going to have firewalls which block incoming connections,
communication between entities behind such firewalls should still be
possible without any "external" servers.
That is a tall (not impossible, but quite tall) order, which we have
attempted to address several times with little effect.
And let us be very clear. Network admins have been asking for and using
such features for at least 18 years, well before NAT.
I would recommend separating the problems. The NAT solution, as I
understand it, does not make this problem worses. That is about all one
can ask of the NAT side of the equation.
the problem with separating the problem is that we'll solve the "easy"
part first (the NAT part) and put off trying to solve the biggest part
of the problem that is really keeping applications from working
efficiently or reliably ... and meanwhile we'll have done nothing to
improve security either.
Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf