Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]

To: Iljitsch van Beijnum <iljitsch at muada.com>, Christian Huitema <huitema at windows.microsoft.com>
Subject: Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]
From: Melinda Shore <mshore at cisco.com>
Date: Thu, 14 Feb 2008 10:04:26 -0500
Authentication-results: sj-dkim-3; header.From=mshore at cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
Cc: Harald Alvestrand <harald at alvestrand.no>, "Joel M. Halpern" <jmh at joelhalpern.com>, IETF discussion list <ietf at ietf.org>, Jonathan Rosenberg <jdrosen at cisco.com>, james woodyatt <jhw at apple.com>
Delivered-to: ietfarch-ietf-web-archive at core3.amsl.com
Delivered-to: ietf at core3.amsl.com
In-reply-to: <C2B5AAD4-5715-4DFF-AD5D-329932718776 at muada.com>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <http://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <http://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
Sender: ietf-bounces at ietf.org
Thread-index: AchvGuOyIomcQNsOEdy4TwAKleNSdA==
Thread-topic: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]
User-agent: Microsoft-Entourage/11.3.3.061214

On 2/14/08 9:58 AM, "Iljitsch van Beijnum" <iljitsch at muada.com> wrote:
> Disagree. There is no reason why a stateful firewall would have an
> easier time tracking UDP state than any other non-TCP state when there
> is no address translation.

There's just a lot more experience with UDP than there
is with some other non-TCP protocols.  Engineers have been
more motivated to deal with it than they have with, say, SCTP.

But anyway, firewalls solve a different problem from NAT.
NAT has incidentally been used as a policy device but
a firewall really is a policy device.  So, while it
might be reasonable to say "I need to figure out how
to get across a NAT," it would also be reasonable to
say "I need to figure out how to get across a firewall
without violating access policy."  You definitely do
not want to design a mechanism that enables policy
violation.

Melinda

_______________________________________________
Ietf mailing list
Ietf at ietf.org
http://www.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]
  - From: Hannes Tschofenig

References:
- Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]
  - From: Iljitsch van Beijnum

Prev by Date: Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]
Next by Date: Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]
Previous by thread: Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]
Next by thread: Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.