
Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 20:44:52
Martin Rex wrote:

FYI, a traversable firewall is, by definition, broken.

Try to convince folks to completely remove all outside doors,
windows, window gates, curtains, blinds, flyscreens from
their home to "leverage" many convenient un-restricted openings
to the interior of the house.

I'm not arguing against firewalls. There are various kinds of
firewalls each of which has its own configuration.

Just as path MTU discovery can not stop people filtering
ICMP, firewall traversal protocols can not traverse most
firewalls.

Instead, related parties with firewalls can communicate with each
other through proper configuration of their firewalls without
any traversal protocols.

If your plan is to further delay IPv6 as long as possible, then
making it dependent on unrestricted end-to-end IPv6 connectivity
might be the most reliable approach to ensure the maximum pain
and resistance.

All we need is to enable, but NOT MANDATE, complete end to end
transparency.

It is of course true that end to end connectivity can be blocked
by firewalls.

                                                Masataka Ohta