
Re: I-D ACTION:draft-ietf-v6ops-nap-06.txt



Hi Margaret,

Needless to say, I was recused from the IESG decision
on this draft, so what I say now, I say as an author.

The authors accepted the title change in response to
IESG comments that "NAP" or "NAP6" could too readily be
confused with "NAT", especially on the phone. I didn't like
the change personally, but didn't think it was confusing.

I agree that apparently there was no WG discussion after
the -05 and -06 versions appeared, although they were of
course announced to the mailing list, i.e. nothing was
hidden.

I just reviewed the diffs between the -04 and -06 versions.
I personally think they're all editorial, with one possible
exception - this was deleted:

 At the same time a NAT creates a smaller pool of addresses for a much
 more focused point of attack, where the adversary does not need to
 scan the entire local network but can instead concentrate on the
 active ports associated with the NAT address. By periodically
 scanning the limited 16 bit port range on the public side of the NAT,
 the attack will routinely find all ports that are open to active
 nodes.

because Cullen (I think) pointed out that it doesn't apply to the
majority of commonly deployed NATs.

     Brian

On 2007-03-14 13:33, Margaret Wasserman wrote:

BTW, I also see no indication that the document title change or the other last minute changes were discussed on the v6ops WG list.

Margaret

On Mar 14, 2007, at 8:29 AM, Margaret Wasserman wrote:


Hi All,

I would like to understand why the title of this document was changed at the last minute. I also have at least a minor objection to the new title, particularly to what it means by the word "protection".

The word "protection" in the original title referred to protecting the end-to-end Internet architecture (the network architecture) from NAT. In other words, we could use certain facilities in IPv6 instead of NAT as a way to protect the end-to-end nature of IPv6 networks.

What does the word protection mean now, though? That the facilities in this document protect the local network? From what?

Margaret


On Jan 11, 2007, at 3:50 PM, Internet-Drafts@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the IPv6 Operations Working Group of the IETF.

    Title        : Local Network Protection for IPv6
    Author(s)    : G. Van de Velde, et al.
    Filename     : draft-ietf-v6ops-nap-06.txt
    Pages        : 46
    Date         : 2007-1-11

Although there are many perceived benefits to Network Address
   Translation (NAT), its primary benefit of "amplifying" available
   address space is not needed in IPv6.  In addition to NAT's many
   serious disadvantages, there is a perception that other benefits
   exist, such as a variety of management and security attributes that
   could be useful for an Internet Protocol site.  IPv6 was designed
   with the intention of making NAT unnecessary, and this document shows
   how Local Network Protection (LNP) using IPv6 can provide the same or
   more benefits without the need for address translation.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-v6ops-nap-06.txt
