Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
On Tue, 4 Aug 2009 15:57:34 -0700, james woodyatt <jhw@apple.com> wrote:
> The most likely scenario is that applications soliciting any-source
> inbound traffic will use techniques like RFC 5389 modulo NAT, and
> because there is no standard for choosing an exterior filtering
> regime, applications will then perform filter-state behavior tests and
> use rendezvous services when the exterior filtering regime isn't
> endpoint-independent. This will end up costing battery and network
> resources that would otherwise not be spent if there was a protocol
> like R41 recommends, but it will work, it will be simple and it won't
> require any authentication credentials that users may or may not
> possess, much less remember where they wrote them down.
>
> The point of allowing passive listeners to solicit any-source incoming
> flows with something like ALD has *always* been to make more wasteful
> techniques like RFC 5389 modulo NAT completely unnecessary. Does this
> need to be spelled out more clearly in the draft?
From this discussion, I guess so.
You might mention that RFC5389 only works for UDP while at it.
--
Rémi Denis-Courmont