Hi, Paul and Mikkel,

On Fri, Jan 8, 2021 at 1:46 AM Paul Vixie <[email protected]> wrote:

> Mikkel Fahnøe Jørgensen wrote on 2021-01-07 09:17:
> > ...
> >
> > From a quick read, I believe you have captured many relevant use cases
> > but perhaps the document does not capture the concerns related to NAT
> > translation and firewalls.
> >
> > ...
>
> i'm not sure enterprise concerns such as NAT or firewalls are important
> to this audience. QUIC is policy-immune by design, and those of us who
> operate secure private networks (schools, enterprise, military, police,
> and many homes) are expecting to simply deny UDP and force the use of an
> outbound proxy.
>
> i'd love to be wrong, but section 3 of
> https://quicwg.org/ops-drafts/draft-ietf-quic-manageability.html seems
> clear as to the intended entropy level and that this level really is
> intentional. unfortunately for me as a security private network
> operator, my needs in this regard are the same as russia's.

My goal in this draft was to focus on strategies for path selection when you have two or more validated paths available. I think that in order to have those paths validated, you already have to have navigated the potentially twisty maze of NATs and firewall policies.

I recognize that actually getting multiple QUIC paths validated across NATs and firewalls is important to actual deployments, but I think it's orthogonal to path selection in a scheduler with multiple paths already available.

Does that make sense?

And thanks for taking a look at this draft. I know there's a lot of mailing list traffic with all the ballot e-mail going back and forth!

Best,

Spencer
