On Jun 30, 2011, at 3:24 AM, Fernando Gont wrote:

> On 06/30/2011 02:26 AM, Keith Moore wrote:
>> Rather than having another of an endless series of discussions about
>> the merits of NAT or lack thereof, can we just agree that it should
>> not be pre-ordained that this WG should assume NAT as a solution?
>
> I was originally arguing, at the very least, in favour of a stateful
> firewall at the border.

I don't think the WG should be bound by existing technologies and assumptions.
Perimeter security of some kind is probably appropriate. That doesn't mean
that it has to look like firewalls do today. For one thing, users shouldn't
have to muck with the details of which ports to allow. For another, trying to
make security decisions be based on source IP address is ridiculous. And the
idea that every application server on a home network needs to negotiate access
through some application-specific external server (as is generally the case
with NATs today) is also ridiculous.

> Please correct me if I'm wrong, but this is what the IETF has already
> proposed (output of v6ops) for v6.

For some strange reason, I'm not particularly impressed with the output of
v6ops lately. Especially in their ability to consider the interests of the
broader Internet.

Keith