On Thu, 2005-05-05 at 10:55 +0200, Iljitsch van Beijnum wrote:
> On 4-mei-2005, at 8:32, Greg Daley wrote:
>
> >> (It should be possible to implement the shim in middleboxes.)
>
> > Please, Please let's not go there!
>
> Too late... This has been on my list of desired features for years.
>
> > I don't think changing packets by insertion of headers unbeknownst
> > to the host is a good idea.
>
> Why not? It happens at lower layers all the time. As long as the
> packet that is eventually processed by the upper layer protocol is
> the same as the one sent by the remote upper layer entity there
> shouldn't be any problems.

IMHO shim6 being able to be done in middleboxes is actually a requirement if you really think this will ever be deployed at all.

With shim6 in the 'middleboxes' one can let the egress/ingress routers or the firewalls on the boundaries of the site do the shim6. This allows you to not touch the hosts at all and you will only have to configure those boxes and not all the boxes in your network. Which gives all the advantages of NAT, at least the ones that people perceive to have now.

Of course, exactly if you put this in the endhost itself or in some middlebox should be left open to the person configuring the network.

Greets,
 Jeroen