Re: NAT66: my conclusions

by Michael Richardson

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Iljitsch" == Iljitsch van Beijnum <iljitsch@...> writes:
    Iljitsch> After having debated the virtues of having NAT66 in the
    Iljitsch> first place and its features if we were to have it, my
    Iljitsch> conclusion is that we're not going to be able to create a
    Iljitsch> NAT66 specification that makes all parties happy enough to
    Iljitsch> reach rough consensus.

  As one who would like to have no NAT66 (I believe in SHIM6, ULA-like
objects, and better implementations of source address selection) I would
like to know the details of where the NAT66 people diverge.

  My opinion is that it would be useful to have 1 or 5 documents that
explain the requirements that people think they have.

  My impression is that we can't figure out if anything would be
acceptable, because we don't know what assumptions each party has
made.

    Iljitsch> For a while I thought it would be a good compromise to
    Iljitsch> standardize one of these less nefarious NAT66s in order to
    Iljitsch> avoid ending up with the really bad ones. But after the
    Iljitsch> discussion the past few weeks my conclusion is that this
    Iljitsch> isn't going to work.

  I see. I believed what you did.

    Iljitsch> However, I believe there is something useful that the IETF
    Iljitsch> can do, and that is mostly what the BEHAVE wg has already
    Iljitsch> been doing: document NAT behavior, and create
    Iljitsch> specifications for applications that want to work through
    Iljitsch> those NATs.  But with IPv6 we have the opportunity to be
    Iljitsch> proactive: rather than describe the harm that existing
    Iljitsch> NATs do, BEHAVE could publish a document that describes
    Iljitsch> the various ways IPv6 NATs could be implemented, and then
    Iljitsch> order these in order of increasing harm, outlining the

  I think that this will become the document which you say will cause
more harm than good.

    Iljitsch> harmful effects each type of NAT66s would have.  Along
    Iljitsch> with some easy to understand terminology or numeric
    Iljitsch> ranking, this would allow application vendors to
    Iljitsch> communicate what types of NAT their products will work
    Iljitsch> with and which they won't, and allow end-users to specify
    Iljitsch> to their middlebox vendors what kind of NAT they want to
    Iljitsch> buy.

  Yes.

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@... http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys

-----END PGP SIGNATURE-----
_______________________________________________
Behave mailing list
Behave@...
https://www.ietf.org/mailman/listinfo/behave