From: Brian E Carpenter [mailto:brc at zurich.ibm.com]
This is of course one of the major motivations for draft-ietf-v6ops-nap-06.txt, which is now in the RFC Editor's queue. While it doesn't tell SOHO gateway vendors exactly what to do, it does I think make it clear that there is a secure mass market IPv6 way forward that has no need for NAT.
This is exactly the type of implicit statement that I was concerned about.
I am a practical person.
I try to be one of those too, but analysis precedes synthesis.
The governing principle becomes Default-Deny.
That is completely compatible with the above draft.
The fixup required to make NAT work is neither complex nor onerous.
But irrelevant - the problems that NAT causes, and that having sufficient address space (a.k.a. IPv6) solves, are orthogonal to security. That is the whole point in this thread.
Brian
_______________________________________________ Ietf mailing list Ietf at ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.