
RE: WG Last Call: draft-ietf-v6ops-unmaneval-01.txt



-- Monday, March 01, 2004 17:19:50 +0200 Pekka Savola <pekkas@netcore.fi>
wrote/a ecrit:

> On Sun, 29 Feb 2004, Christian Huitema wrote:
>> > > ...
>> > >    by many applications, e.g., networked games or voice over IP. The
>> > >    experience shows that most recent "home routers" are designed to
>> > >    support these applications. In some edge cases, the automatic
>> > >    solutions will require explicit configuration of a port in the home
>> > >    router, using the so-called "DMZ" functions.
>> > > 
>> > > <MB>only works for one single node. Moreover, it should be noted that
>> > > this explicit configuration is completely out of the _unmanaged_ goal.
>> > > 
>> > > Suggesting text:
>> > > using the so-called "DMZ" functions". These cases are obviously out of
>> > > scope of the unmanaged network scenario and only work for a single node
>> > > behind the NAT.
>> > > </MB>
>> > 
>> > Good point.
>> 
>> I agree that in the absence of automatic support through UPNP, DMZ
>> functions are indeed not your typical unmanaged service. But the point
>> is at least partially incorrect. First, it is possible in some cases to
>> use automatic procedures to "DMZ" a port (e.g., using the UPNP "internet
>> gateway device" service). Second, the procedure absolutely works for
>> more than one node -- just pick a different port for each node.
> 
> I'm not sure that UPNP is a solution we can be referring to.

agree. unless I'm not aware, UPNP is not an IETF standard?

>  
>> In any case, the work done in the MIDCOM working group shows that the
>> number of symmetric NAT in the market is rapidly decreasing. See
>> draft-jennings-midcom-stun-results-00.txt
> 
> Sigh -- replacing "secure" NAT boxes with "insecure" ones.
> Now I'm done -- I said "secure NAT"! :-)

agree.
- this argument of "most are not" does not go far to me. We are talking
about a protocol proposal which is based on some proportion of market place
and some internal behavior of devices that were never specified before
implemented and that we don't know what is out there. In the case that
these devices happen to exist (which is the case), the protocol proposal
does not work. 

Marc.


> 
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> 



------------------------------------------
Marc Blanchet
Hexago
tel: +1-418-266-5533x225
------------------------------------------
http://www.freenet6.net: IPv6 connectivity
------------------------------------------