Re: FTP to HISTORIC? RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-19 Thread Tom.Petch
EMAIL PROTECTED]> Cc: "Behave WG" <[EMAIL PROTECTED]>; Sent: Friday, November 14, 2008 6:51 PM Subject: Re: FTP to HISTORIC? RE: [BEHAVE] Can we have on NAT66 discussion? > At 08:43 14-11-2008, Hallam-Baker, Phillip wrote: > >I propose that we either move FTP to hist

RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-17 Thread Darrel Lewis (darlewis)
> > DL> Port/Overload NAT for IPv4 (NAT:P) has security benefits > > in that it requires explicit configuration to allow for > > inbound unsolicited transport connections (via port forwarding) > > to 'inside' hosts. > > Perhaps you missed this statement from >

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-15 Thread Iljitsch van Beijnum
On 14 nov 2008, at 17:49, Hallam-Baker, Phillip wrote: BGP is not a secure protocol. Not disagreeing, but what makes for a secure protocol? So why do you think it is appropriate for end user applications to make assumptions about end entity identity on the basis of source IP address? I

Re: FTP to HISTORIC? RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-15 Thread Iljitsch van Beijnum
On 14 nov 2008, at 17:43, Hallam-Baker, Phillip wrote: The Internet has two protocols that account for >95% of user interactions, email and Web. Pointing out that one of those protocols involves an IP address change en-route might be a single data point but it is a significant one. Also n

Re: FTP to HISTORIC? RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread SM
At 08:43 14-11-2008, Hallam-Baker, Phillip wrote: I propose that we either move FTP to historic or start a revision effort if there is sufficient interest in continuing it as a separate protocol from HTTP. There are a few I-D about FTP that have been submitted: FTP Extension Registry http://w

Re: FTP to HISTORIC? RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread Keith Moore
Hallam-Baker, Phillip wrote: > The Internet has two protocols that account for >95% of user > interactions, email and Web. Pointing out that one of those protocols > involves an IP address change en-route might be a single data point but > it is a significant one. it's a fallacy that you can measu

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread Keith Moore
Hallam-Baker, Phillip wrote: > BGP is not a secure protocol. > > We may work out a way to make BGP somewhat more secure, but most likely > to defend against attacks such as flooding and DDoS rather than > impersonation of end entities. > > So why do you think it is appropriate for end user appl

RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread michael.dillon
DL> Port/Overload NAT for IPv4 (NAT:P) has security benefits > in that it requires explicit configuration to allow for > inbound unsolicited transport connections (via port forwarding) > to 'inside' hosts. Perhaps you missed this statement from

RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread Hallam-Baker, Phillip
, Phillip Cc: Keith Moore; Behave WG; IETF Discussion; Routing Research Group Mailing List; Eric Klein; Mark Townsley Subject: Re: [BEHAVE] Can we have on NAT66 discussion? On 13 nov 2008, at 23:50, Hallam-Baker, Phillip wrote: > The most successful Internet protocols do not involve connecti

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread Margaret Wasserman
oup Mailing List; Behave WG; [EMAIL PROTECTED]; ietf@ietf.org Subject: Re: [BEHAVE] Can we have on NAT66 discussion? Eric Klein wrote: > Mark, > > I agree with the sentiment, the problem is that the 5 different groups > are doing different things that all relate back to NAT in v6 (rather &

FTP to HISTORIC? RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread Hallam-Baker, Phillip
AIL PROTECTED]; ietf@ietf.org Subject: Re: [BEHAVE] Can we have on NAT66 discussion? Hallam-Baker, Phillip wrote: > It is called the principle of encapsulation. > > The most successful Internet protocols do not involve connections to > hosts today. SMTP is a connection to a service and h

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread Eric Klein
Hi Darrel, Comments below On Thu, Nov 13, 2008 at 9:30 PM, Darrel Lewis (darlewis) <[EMAIL PROTECTED] > wrote: > Comments below inline with DL> > NAT66 is in fact a security requirement in many applications and in others > it is a compliance requirement. Stampy feet protests that the idea is > pr

RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread Darrel Lewis (darlewis)
Eric, Philip, Comments below inline with DL> Thanks. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Klein Sent: Thursday, November 13, 2008 11:07 AM NAT66 is in fact a s

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread Eric Klein
n rather than having several groups making solutions without understanding the need. > > -- > *From:* [EMAIL PROTECTED] on behalf of Mark Townsley > *Sent:* Thu 11/13/2008 9:10 AM > *To:* Eric Klein > *Cc:* Routing Research Group Mailing List; Behave

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-14 Thread Iljitsch van Beijnum
On 13 nov 2008, at 23:50, Hallam-Baker, Phillip wrote: The most successful Internet protocols do not involve connections to hosts today. SMTP is a connection to a service and has been for two decades. In SMTP the IP address does not remain constant end to end and never did. SMTP is also

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread RĂ©mi Denis-Courmont
On Thursday 13 November 2008 21:30:39 ext Darrel Lewis (darlewis), you wrote: > DL> Port/Overload NAT for IPv4 (NAT:P) has security benefits in > that it requires explicit configuration to allow for inbound unsolicited > transport connections (via port forwarding) to 'inside' hosts. This > m

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Keith Moore
Hallam-Baker, Phillip wrote: > It is called the principle of encapsulation. > > The most successful Internet protocols do not involve connections to > hosts today. SMTP is a connection to a service and has been for two > decades. HTTP is not quite so agile but would be had we had SRV at the > tim

RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Hallam-Baker, Phillip
eith Moore [mailto:[EMAIL PROTECTED] Sent: Thu 11/13/2008 5:28 PM To: Hallam-Baker, Phillip Cc: Mark Townsley; Eric Klein; Routing Research Group Mailing List; Behave WG; [EMAIL PROTECTED]; ietf@ietf.org Subject: Re: [BEHAVE] Can we have on NAT66 discussion? Hallam-Baker, Phillip wrote: > I bel

RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Hallam-Baker, Phillip
Iljitsch van Beijnum [mailto:[EMAIL PROTECTED] Sent: Thu 11/13/2008 4:34 PM To: Hallam-Baker, Phillip Cc: [EMAIL PROTECTED]; Behave WG; IETF Discussion; Routing Research Group Mailing List Subject: Re: [BEHAVE] Can we have on NAT66 discussion? On 13 nov 2008, at 22:15, Hallam-Baker, Phillip wrote:

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Keith Moore
Hallam-Baker, Phillip wrote: > I beleive that the question would not arise If we had a coherent > Internet architecture > > The idea that an application can or should care that the IP address of a > packet is constant from source to destination is plain bonkers. On the contrary, the idea that an

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Iljitsch van Beijnum
On 13 nov 2008, at 22:15, Hallam-Baker, Phillip wrote: Well yes, that is precisely the reason I beleive that we need to take a look at a higher level and decide on one single answer A single answer? That doesn't seem compatible with what the internet has evolved into over the past decades.

RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Hallam-Baker, Phillip
ng List; Behave WG; [EMAIL PROTECTED]; ietf@ietf.org Subject: Re: [BEHAVE] Can we have on NAT66 discussion? Eric Klein wrote: > Mark, > > I agree with the sentiment, the problem is that the 5 different groups &g

RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Hallam-Baker, Phillip
, Phillip Cc: Mark Townsley; Eric Klein; Routing Research Group Mailing List; Behave WG; [EMAIL PROTECTED]; ietf@ietf.org Subject: Re: [BEHAVE] Can we have on NAT66 discussion? On 11/13/08 10:06 AM, Hallam-Baker, Phillip allegedly wrote: > > I beleive that the question would not arise If we

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Scott Brim
On 11/13/08 10:06 AM, Hallam-Baker, Phillip allegedly wrote: > > I beleive that the question would not arise If we had a coherent > Internet architecture > > The idea that an application can or should care that the IP address of a > packet is constant from source to destination is plain bonkers.

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Eric Klein
Mark, I agree with the sentiment, the problem is that the 5 different groups are doing different things that all relate back to NAT in v6 (rather than just coexistence) each under their own charter. I have had suggestions that I bring this to ietf or inter-area mailing lists for general consensus

RE: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Hallam-Baker, Phillip
PROTECTED]; ietf@ietf.org Subject: Re: [BEHAVE] Can we have on NAT66 discussion? Eric Klein wrote: > Mark, > > I agree with the sentiment, the problem is that the 5 different groups > are doing different things that all relate back to NAT in v6 (rather > than just coexistence) eac

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-13 Thread Mark Townsley
Eric Klein wrote: Mark, I agree with the sentiment, the problem is that the 5 different groups are doing different things that all relate back to NAT in v6 (rather than just coexistence) each under their own charter. I have had suggestions that I bring this to ietf or inter-area mailing li