
RE: WG Last Call: draft-ietf-v6ops-unmaneval-01.txt



> >> I agree that in the absence of automatic support through UPNP, DMZ
> >> functions are indeed not your typical unmanaged service. But the
> >> point is at least partially incorrect. First, it is possible in some
> >> cases to use automatic procedures to "DMZ" a port (e.g., using the
> >> UPNP "internet gateway device" service). Second, the procedure
> >> absolutely works for more than one node -- just pick a different
> >> port for each node.
> >
> > I'm not sure that UPNP is a solution we can be referring to.
> 
> agree. Unless I'm mistaken, UPNP is not an IETF standard?

NAT is not an IETF standard either. On the other hand, the UPNP IGD spec
is publicly available and can certainly be referenced in an informative
section. 


> >> In any case, the work done in the MIDCOM working group shows that
> >> the number of symmetric NATs in the market is rapidly decreasing.
> >> See draft-jennings-midcom-stun-results-00.txt
> >
> > Sigh -- replacing "secure" NAT boxes with "insecure" ones.
> > Now I'm done -- I said "secure NAT"! :-)
> 
> agree.
> - this argument of "most are not" does not go far with me. We are
> talking about a protocol proposal which is based on some proportion of
> the marketplace and on some internal behavior of devices that was
> never specified before being implemented, and we don't know what is
> out there. In the case that these devices happen to exist (which is
> the case), the protocol proposal does not work.

Look, we have shipped about 1M copies of Teredo already, and we are on
pace to make it available on every Windows XP PC. It certainly "works"
in a large fraction of the cases, and this fraction is so large already
that it creates expectations. Customers expect applications and video
games to work; these applications are based on Teredo or similar
technologies (e.g. STUN and variations of echo services); hence NAT
vendors are busy upgrading their symmetric NATs to "port restricted"
NATs, which are arguably just as secure but don't mess with the
applications quite as much.

-- Christian Huitema
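The distinction the thread turns on (symmetric versus "port restricted" NAT, and why the STUN-style mapping discovery that Teredo relies on works through one but not the other) can be shown with a small simulation. The following is an added example and is not Teredo, STUN, or any code from the draft or its authors; it models a NAT as a mapping table plus an outbound-permission filter, with no timeouts or hairpinning, and all addresses (the 203.0.113.x and 198.51.100.x public addresses, the STUN server addresses) are constructed for the example. The "classify_mapping" check compares the external port a NAT assigns when the same internal socket talks to two different server addresses, which is the mapping-behaviour test rather than the exact RFC 3489 CHANGE-REQUEST procedure.

```python
"""Simulate symmetric vs. port-restricted NAT and STUN-style hole punching.

Added illustration; not Teredo or any vendor's NAT code. Addresses are
constructed (TEST-NET ranges). Both NAT types here use address+port
dependent *filtering*; they differ only in *mapping* behaviour.
"""

# Constructed rendezvous/STUN server with two public addresses.
STUN = ("198.51.100.1", 3478)
STUN_ALT = ("198.51.100.2", 3478)


class Nat:
    def __init__(self, public_ip, symmetric):
        self.public_ip = public_ip
        self.symmetric = symmetric          # True: mapping depends on destination
        self.mappings = {}                  # key -> external port
        self.owner = {}                     # external port -> internal (ip, port)
        self.allowed = {}                   # external port -> set of remotes sent to
        self.next_port = 40000

    def outbound(self, src, dst):
        """Internal src sends a UDP packet to dst; return the external (ip, port).

        Port-restricted (endpoint-independent mapping): one external port per
        internal socket, whatever the destination.
        Symmetric (address-dependent mapping): a fresh external port per
        (internal socket, destination) pair.
        """
        key = (src, dst) if self.symmetric else src
        port = self.mappings.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.mappings[key] = port
            self.owner[port] = src
            self.allowed[port] = set()
        # Address+port dependent filtering: only remotes we have sent to may reply.
        self.allowed[port].add(dst)
        return (self.public_ip, port)

    def inbound(self, ext_port, remote):
        """Packet from remote arrives at our external port; return the internal
        destination, or None if the filter drops it."""
        if ext_port not in self.owner or remote not in self.allowed[ext_port]:
            return None
        return self.owner[ext_port]


def classify_mapping(nat, host):
    """STUN-style mapping test: same internal socket, two server addresses."""
    first = nat.outbound(host, STUN)
    second = nat.outbound(host, STUN_ALT)
    return "endpoint-independent" if first == second else "address-dependent"


def hole_punch(nat_a, host_a, nat_b, host_b):
    """Return (a_receives_b, b_receives_a) after a STUN-assisted exchange.

    1. Each host learns its reflexive address from the STUN server.
    2. The reflexive addresses are swapped out of band (signalling).
    3. Each host sends to the other's reflexive address, which both opens a
       filter entry for the peer and (on a symmetric NAT) allocates a *new*
       external port the peer does not know about.
    """
    refl_a = nat_a.outbound(host_a, STUN)
    refl_b = nat_b.outbound(host_b, STUN)
    ext_a = nat_a.outbound(host_a, refl_b)   # A's packet towards B leaves from ext_a
    ext_b = nat_b.outbound(host_b, refl_a)   # B's packet towards A leaves from ext_b
    # B's packet is addressed to what B learned (refl_a) and sourced from ext_b.
    a_receives = nat_a.inbound(refl_a[1], ext_b) == host_a
    b_receives = nat_b.inbound(refl_b[1], ext_a) == host_b
    return (a_receives, b_receives)


if __name__ == "__main__":
    host_a, host_b = ("10.0.0.2", 5000), ("192.168.1.2", 6000)
    for kind_a, kind_b in [(False, False), (True, True), (True, False)]:
        result = hole_punch(Nat("203.0.113.1", kind_a), host_a,
                            Nat("203.0.113.2", kind_b), host_b)
        print("A symmetric=%s, B symmetric=%s -> delivered %s" % (kind_a, kind_b, result))
```

Running it shows the asymmetry the thread describes: two port-restricted NATs deliver in both directions, because the port the STUN server reported is the same port the NAT uses towards the peer, so the peer's packet matches an existing mapping and an existing filter entry. As soon as either side is symmetric, the port reported by STUN is not the port used towards the peer, the peer's packet arrives on a port whose filter only permits the STUN server (or from a port the other side never sent to), and it is dropped in both directions. This is why a vendor can move from symmetric to port-restricted without relaxing filtering at all: inbound traffic is still only accepted from an address and port the inside host has already contacted.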