RE: Blue Sheet Etiquette

2001-12-14 Thread Ian King

Once upon a time, when I was a Working Group chair, I asked the
Secretariat for a copy of the blue sheet from my session; my goal was to
direct mail to persons who had been there, to discuss issues raised
there (in case they weren't subscribed to the list).  

Granted, one of them took umbrage with me, but it was otherwise rather
effective.  

So there's one reason for you - it's a service to the Working Group.  --
Ian 

-Original Message-
From: Pekka Savola [mailto:[EMAIL PROTECTED]] 
Sent: Friday, December 14, 2001 11:01 AM
To: Robert Moskowitz
Cc: borderlt; [EMAIL PROTECTED]
Subject: Re: Blue Sheet Etiquette


On Fri, 14 Dec 2001, Robert Moskowitz wrote:
> There is a practical side to this.  Note that John saw that the sheet
> was hung in the queue.  This can result in people not getting the sheet
> to sign, and then the next meeting not getting a big enough room..

Has it been said what those blue sheets are used for anyway?

I don't think _anyone_ is typing any emails on the lists.

Rather, I'd guess the secretariat is only interested in seeing how many 
people attended, to gauge how to make room reservations at the next 
meetings etc.

-- 
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords




RE: Blue Sheet Etiquette

2001-12-14 Thread Ian King

WARNING!  WARNING!  Recurring mailthread alert!  

This conversation seems to recur during or just after every meeting
-- Ian 

-Original Message-
From: John Stracke [mailto:[EMAIL PROTECTED]] 
Sent: Friday, December 14, 2001 9:33 AM
To: [EMAIL PROTECTED]
Subject: Re: Blue Sheet Etiquette


>The Mormon Tabernacle Choir in Salt Lake City had a pretty good system 
>for checking tickets: wireless bar code scanners. Can't be more 
>expensive than having somebody type in thousands of names, from barely 
>legible writing.

I did think of something like that; but then you'd have a queue at the 
door as people scan their badges.  Besides, there's a difference in scale: 
we do this three times a year, instead of every day (week?).

On the plus side, though, the scanner would record the time, and thereby
know what meeting you were there for, so you'd eliminate the failure mode 
where the chair forgets to put the new box in place, and meeting A gets 
the credit for everybody who went to meeting B.

It wouldn't have to be wireless, either; the scanner could be hooked to an 
old PC which would store the data on disk.

/===\
|John Stracke   |Principal Engineer |
|[EMAIL PROTECTED]  |Incentive Systems, Inc.| 
|http://www.incentivesystems.com|My opinions are my own.| 
|===|
|Cogito ergo Spud. (I think, therefore I yam.)  |
\===/




Why is this thread alive? (was RE: Why IPv6 is a must?)

2001-11-29 Thread Ian King

Folks, 

This thread has been going on for days, and I've seen little but a
rehash of the "NATs are God's gift" vs. "NATs are the tool of Satan"
that's been going on forever.  Now it's branched off into another thread
- almost a viral thing.  If folks must continue these tired old
arguments, can this please be moved to an IPv6 forum and/or to a NAT
forum?  I'm really getting tired of (a) deleting dozens of emails each
morning and/or (b) adding yet more entries to my mail filter collection.
In Larry Masinter's parlance, this seems to be all heat and little or no
light.  I'm finding that I really want to unsubscribe from what has
become a high-noise, low-content list -- Ian 

-Original Message-
From: Bill Manning [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, November 29, 2001 10:05 AM
To: Keith Moore
Cc: Bill Manning; Steve Deering; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Why IPv6 is a must?


% 
% > % What's the realistic plan to prevent the IPv4 routing table from growing
% > % to 2^32 route entries?
% > 
% > trolling again? :)
% > 
% 
% it's about as reasonable as the question about the IPv6 routing table.
% 
% Keith
% 


back in the day, I told the CIDR/PIARA folks that it would be a good idea 
to plan for 2^32 entries in the routing system and was hooted from the
fora. :)

I stand in respect for Bill Fenner who has agreed to act as the routing area 
AD in guiding the effort to seek, prove, and deploy a reasonable routing
solution.


--bill




RE: Splitting the IETF-Announce list?

2001-11-13 Thread Ian King

WONDERFUL idea.  I get I-D announcements from the groups whose lists I
join.  -- Ian 

-Original Message-
From: Pete Resnick [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, November 13, 2001 2:03 PM
To: [EMAIL PROTECTED]
Subject: Splitting the IETF-Announce list?


I am interested in getting all of the posts to the IETF-Announce list 
*except* for the greatest bulk of those posts: Internet Draft 
announcements. I find it hard to believe that I am the only one who 
would prefer if the I-D announcements were on a separate mailing 
list. Would it be possible to implement this? If I am correct and 
there are an awful lot of people who are uninterested in I-D 
announcements, it would cut down on outgoing mail of the secretariat 
substantially.

pr
-- 
Pete Resnick 
QUALCOMM Incorporated




RE: Why IPv6 is a must?

2001-11-06 Thread Ian King

Huh?  I've been running PPTP over NAT for years - I'm doing it right
now.  But it would be great if the ISPs began to migrate; tools (e.g.
tunneling) are available to allow them to do so even if their upstreams
lag.  

-Original Message-
From: Rinka Singh [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, November 06, 2001 5:50 AM
To: J. Noel Chiappa; [EMAIL PROTECTED]
Subject: Re: Why IPv6 is a must?


That's right today.

Another 5 years later you would be singing a different tune. -
scalability, better bandwidth management (a.k.a QOS), mobile devices,
internet appliances will nail v4 down - UMTS will add some spice to the
pot.  I agree a user cannot do much unless the ISPs and Org
routers/switches deploy v6.  But that's not too far away as more
sophisticated uses come up.

Incidentally, have you tried running apps like ftp over IPsec or
L2TP/PPTP over NAT.

Rinka.





RE: Jim Fleming's posting privileges have been revoked

2001-10-25 Thread Ian King

It's not a question of whether Fleming's opinions were popular - it's just that they 
were wildly irrelevant to the work of this list.  Having read many of his postings, I 
can only conclude that either (a) he was deliberately flame-baiting (and often 
successfully) or (b) his clue meter for "playing well with others" has actually bent 
the bottom pin and lodged itself in negative territory.  
 
FWIW, I concur with Harald's decision to employ this extreme sanction.  Knowing 
Harald, I am confident it was only after much careful consideration, and after many 
efforts to resolve the issue in other ways, that he did so.  -- Ian 

-Original Message- 
From: Anthony Atkielski [mailto:[EMAIL PROTECTED]] 
Sent: Thu 10/25/2001 1:08 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: Jim Fleming's posting privileges have been revoked



I guess those of us who might be interested in hearing all opinions--and not
just those that agree with your own--are out of luck, eh?  I can decide for
myself which messages I do or do not wish to read; I don't need your help.

  -- Anthony

- Original Message -
From: "Harald Alvestrand" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 25, 2001 20:20
Subject: Jim Fleming's posting privileges have been revoked


> After having read the 4 messages that Jim Fleming sent to the list after
> having received my warning note, I have revoked Jim Fleming's posting
> privileges to the IETF list.
>
> This revocation will remain in effect for the next month.
>
> Harald T. Alvestrand
>  IETF Chair
>
>






RE: Proposal for a revised procedure-making process for the IETF

2001-10-12 Thread Ian King

Waitaminute, I thought NAT rants had been relegated to the authority of
one Dante Alighieri for proper assignment to a low, lonely circle of
hell  -- Ian

-Original Message-
From: Eliot Lear [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 12, 2001 3:47 PM
To: Randy Bush
Cc: [EMAIL PROTECTED]
Subject: Re: Proposal for a revised procedure-making process for the IETF


The IETF list should be reserved for proper technical discussions, such
as the format of RFCs and Internet Drafts, NATs are good/bad/ugly, "add
me/remove me" messages, and conference location debates.





RE: IETF logistics

2000-12-19 Thread Ian King

IMHO that's an excellent suggestion.  It's been my experience that when you
state that the draft is itself an agenda item, previously resolved issues
often get rehashed, sometimes contrary to the clear consensus of the list.
This strategy would also allow less opportunity for those who haven't read
the draft to turn the session into a tutorial.  -- Ian 

-Original Message-
From: Randy Bush [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 19, 2000 9:26 AM
To: Scott Brim
Cc: ietf
Subject: Re: IETF logistics


> I would suggest that chairs try setting the agenda around issues, not
> around drafts themselves.  The main point of the face-to-face meetings
> is to resolve issues that cannot be resolved by mail.  Put those on the
> agenda, and let the combatants present as much tutorial information as
> they feel is necessary to make their point -- but don't set up the
> editor of a particular draft to give a presentation first, followed by
> discussion.  Don't even put the draft title on the agenda, just in the
> preliminary mail sent out before the meeting.  Thoughts?

sounds good to me!

randy




RE: Diacritical application in the DNS

2000-12-06 Thread Ian King

Maybe that's why the marketing guys don't laugh at some of our jokes -- by
the time we get to the punchline, they're planning a campaign to promote the
idea!  :-)  

- Ian King (who actually does respect our marketing folks.  Really.) 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 06, 2000 2:00 PM
To: Henning G. Schulzrinne
Cc: Keith Moore; Johnny Eriksson; [EMAIL PROTECTED]
Subject: Re: Diacritical application in the DNS


Henning wrote:
> And they would insist that something like
> 
> 180.035.069.037
> 
> would spell 1-800-Flowers and try to reserve an IP address based on that
> name.
> -- 

Believe it or not, the SRI NIC did get at least one request for a vanity
IP address around 1988-89.  As your example notes, they wanted it to
spell out the name of the organization.

It's awfully hard to parody marketing, isn't it?
regards,
Ted Hardie




RE: VIRUS WARNING

2000-05-05 Thread Ian King

The goal of those who write viruses is to get attention, true?  I guess they
figure that writing their viruses for Windows is going to get them a lot
more attention than writing for other operating systems with smaller user
bases.  :-)  

Tongue firmly in cheek -- Ian King 
--
DISCLAIMER: The foregoing is my personal opinion, and should not be
construed as the official position of or statement by my employer.  

-Original Message-
From: Randall Stewart [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 05, 2000 1:05 PM
To: Michael H. Warfield
Cc: [EMAIL PROTECTED]; Scot Mc Pherson; [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING


Michael:

I could not agree more, we have a few (possibly .. 3) viruses that have
infected *nix systems. Even more telling, look at how linux systems
have NOT been infected or bothered much. I find this interesting
since the code - bugs, warts, and any holes are available to any
who want to look at it...

Now if I take and switch the machine I am typing on over to
that "other" o/s the virus scanner it has lists 100's and I 
mean 100's of viruses...

I do understand that some of us are STUCK with that other
O/S... but there are options.. I too am in theory using it.. but
only when I have to... I do all my real work on the linux side and
only occasionally fire up the other side to read an awful .doc or .ppt
file...

I simply refuse to allow our IT dept to have their way with me and
infect me with the worst virus... that other O/S :-)

R
[snip]




RE: IPv6: Past mistakes repeated?

2000-04-24 Thread Ian King

Yes, we made a guess -- a design compromise.  Folks, we're engineers, and we
come up with "good enough" answers.  Sure, we try to make sure that the
"good enough" answers are good enough for the majority of situations, for a
reasonable length of time.  But we're not prophets or philosophers or
prescient -- we're just engineers.  We made some "good enough" guesses with
IPv4 that, as Keith points out, got us to the situation of a global Internet
-- and our present dilemma is a byproduct of that solution's success.  I
would not be disappointed if our next "good enough" guess lasts us as long
as the last one.  After all, I'll want SOMEthing entertaining to do twenty
years from now.  :-)  

BTW -- I feel the same way about NAT: it's "good enough" for many
situations.  :-) Send me mail at home, it goes to one machine on my internal
172.16 LAN; check out my personal webpages, you're talking to another
machine (and a different OS) in that address space.  You don't see that, and
frankly I don't think about it very often.  It's close to an "it just works"
solution -- which is "good enough" for now.  

-- Ian 

> -Original Message-
> From: Keith Moore [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 24, 2000 5:38 PM
> To: Anthony Atkielski
> Cc: [EMAIL PROTECTED]
> Subject: Re: IPv6: Past mistakes repeated? 
> 
> 
[snip]
> 
> but this same impossibility means that we do not know whether we should
> put today's energy into making variable length addresses work efficiently
> or into something else.  so we made a guess - a design compromise -
> that we're better off with very long fixed-length addresses because 
> fast routing hardware is an absolute requirement, and at least today
> it seems much easier to design fast routing hardware (or software)
> that looks at fixed offsets within a packet, than to design hardware or
> software that looks at variable offsets.
> 
[snip]




RE: IPv6: Past mistakes repeated?

2000-04-24 Thread Ian King

"Near-perfect example"?  I beg to differ.  I used to work for a Local
Exchange Carrier.  

The telephone number situation in the United States has been one of
continual crisis for years, because of rapid growth in use (in part because
of Internet access!).  The area served by a given "area code" would be split
into smaller areas with multiple area codes; these days, those areas aren't
necessarily even contiguous.  Moving from seven-digit to (effectively)
ten-digit numbers was difficult, if not impossible, for some older
equipment; sometimes a kludge could be developed to allow the old equipment
to be used for a few more months or years, but often as not new equipment
was required, at considerable cost.  It was difficult for end users, too: in
addition to the confusion everyone suffered during the transition (I still
get scads of wrong numbers on my cellphone, because people forget the area
code is needed), businesses had to spend great sums of money to revise their
public appearance (advertising, letterhead, etc.).  

And, often as not, we'd do it all over again a few months later.  

My point is that ANY numbering scheme is difficult to change, once it's in
place.  Someone else on this thread made a good point, however, that the
administration of that scheme can make worlds of difference - this person's
point was about "giveaway" assignment of large portions of the address
space, "because there's so much" -- hm, sounds like the exhaustion of
Earth's natural resources, too.  :-)  I'd suggest that address assignment
policy should keep process lightweight, so that it is realistic for
businesses to regularly ask for assignments in more granular chunks; rather
than grabbing a class A-size space "just in case", big users would be
willing to request another 256 when the new branch office opens, then
another 64 for the summer interns... and so individuals can easily get
multiple addresses through an ISP.  

In fact, it should be as easy as getting a telephone number.  -- Ian 

> -Original Message-
> From: Anthony Atkielski [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 24, 2000 3:05 AM
> To: [EMAIL PROTECTED]
> Subject: IPv6: Past mistakes repeated?
> 
> 
[snip]
> The only real solution to this is an open-ended addressing scheme--one to
> which digits can be added as required.  And it just so happens that a
> near-perfect example of such a scheme is right in front of us all, in the
> form of the telephone system.  Telephone numbers have never had a fixed
> number of digits.  The number has always been variable, and has simply
> expanded as needs have changed and increased.  At one time, a four-digit
> number was enough to reach anyone.  Then seven-digit numbers became
> necessary.  Then an area code became necessary.  And finally, a country
> code became necessary.  Perhaps a planet code will be necessary at some
> point in the future.  But the key feature of the telephone system is that
> nobody ever decided upon a fixed number of digits in the beginning, and so
> there is no insurmountable obstacle to adding digits forever, if
> necessary.  Imagine what things would be like if someone had decided in
> 1900 that seven digits would be enough for the whole world, and then
> equipment around the world were designed only to handle seven digits, with
> no room for expansion.  What would happen when it came time to install the
> 10,000,000th telephone, or when careless allocation exhausted the
> seven-digit space?
> 
[snip]




RE: draft-ietf-nat-protocol-complications-02.txt

2000-04-23 Thread Ian King

Maybe we need to help make it easy to GET assignments of blocks of addresses
for individuals/small businesses/etc.  Part of the problem is the obvious:
IPv4 addresses are running short.  Part is the "K-Mart" level of product
understanding I've experienced with many vendors of Internet connectivity.
When I asked a cable IP vendor about getting a static address assignment,
the (sales) person said, "Oh, there's no static, it's the Internet."  
That's a priceless quote, but frankly dial-up vendors weren't any better.  

The first is an engineering problem, and we're working on that one (IPv6),
right?  :-)  The second is a market problem, and I don't think it's going to
go away until either telcos realize that they need to make a commitment to
being in the IP business (and train their staff), or we have meaningful
alternatives to the telcos for individual connectivity.  

From the individual user's perspective, NAT does seem a lot easier.  You
hook computer A to the ISP, computers B and C to computer A, and everyone
can surf -- cool.  I AM a networking geek, and NAT was a lot easier (and
cheaper) than the alternatives.  I suspect it will remain so for at least a
while -- Ian 

> -Original Message-
> From: Keith Moore [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, April 23, 2000 8:44 PM
> To: Dick St.Peters
> Cc: [EMAIL PROTECTED]
> Subject: Re: draft-ietf-nat-protocol-complications-02.txt 
> 
> 
> > Most users are not networking geeks.  They like NAT because NAT boxes
> > make what they want to do so easy.
> 
> presumably they don't realize that the NATs are making it hard 
> to do other things that they might want to do.
> 
> I wonder...how many of these folks really want network address 
> translation, versus those who just want the other things that
> NAT boxes often do?   (DHCP, firewall, hub, router, all with 
> really easy setup)
> 
> maybe we need to make it as easy to connect a small net to the 
> Internet, as it is to connect a host. 
> 
> Keith
> 




RE: recommendation against publication of draft-cerpa-necp-02.txt

2000-04-07 Thread Ian King

I have a hammer.  

It's been driving nails just fine for twenty years.  It's a first rate
hammer, for which I paid top dollar.  It's a really useful tool.  But when I
try to open beer bottles with it, I end up with glass splinters in my beer.
What gives?  

As has been pointed out many times in many ways, the Internet was not
originally designed as a secure network, nor for many of the other tasks we
now wish it to perform.  Should we have implemented something in another
way?  Moot question, we have what we have.  Should we learn from our
mistakes, and when we can see something that appears to be yet another
mistake (no matter how appealing it is as a "quick fix"), avoid making that
mistake?  

We clever, clever engineers have come up with a number of interesting
"solutions" (workarounds?) for the limitations of the network we have
created.  Some of them are, in the long run, not good ideas, although they
are useful as interim solutions.  Some of them are just too violent to the
rules of the game as they are defined (by us!), and/or establish technical
or process precedents that are too dangerous to be allowed.  

-- Ian King

-Original Message-
From: Paul Francis [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 07, 2000 12:13 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: recommendation against publication of draft-cerpa-necp-02.txt


>  
>  In my 20+ years of security experience in the Internet community, it 
>  has often been the arguments for the need to make do with existing 
>  features or to adopt quick fix solutions that have retarded the 
>  deployment of better security technology.  In retrospect, this 
>  approach has not served us well.
>  

I have a time machine.

I just went back 20 years in time, convinced everybody that it
was always more important to implement proper security than to
make do with existing features and quick fix solutions.  Having
thus changed the future, I went back forward in time.
Guess what---there was no internet!

PF




RE: IETF Adelaide and interim meetings for APPS WGs

2000-02-15 Thread Ian King

IMHO, people are reading way too much into this.  

Most of the participation is by folks from the US -- that stat is raised at
every meeting.  BTW, the Internet started in the US, those neat maps
displayed at plenary sessions show an overwhelming focus of connectivity in
the US, and many many technology companies are located in the US.  

Notwithstanding, the organization does hold meetings both inside and outside
the US, because the Internet is a global entity with international
involvement.  While this is IMHO a Good Thing, reality is that the longer
trips sometimes pose a problem for some participants -- whether that's
traveling from the US to Australia, or Australia to the US.  Statistically,
the burden hits more people for meetings outside the US, simply because
regardless of where we hold the meetings, there are more attendees from the
US than from any other place.  (At this juncture, I would like to salute the
folks from outside the US who nonetheless attend the majority of US-based
meetings.)  

To those of you outside the US who don't think there are enough meetings
outside the US: IF YOU SPONSOR THEM, WE WILL COME.  I've seen the open,
standing invitations to sponsor meetings -- so step up and sponsor.  

For those who think Australia is a long way to go: you're right, if you are
in North America or Europe.  Many WG chairs may be making an 'economic'
decision -- or their employers have made it for them.  (I'm not going
because I don't want to be away from my new baby daughter yet.)  But since
the work REALLY gets done on the mailing lists (so we say, officially), you
can still make a difference, if you so choose.  Not to say I don't think
there's a lot of value to the face-to-face meetings, but when I chaired a
WG, I got a lot of great input from people who never attended a single WG
session in person.  

Bottom line: go if you can and wish to, don't whine if you can't or won't.
And please quit with the "conspiracy theories" about US-centricity -- it's
an accident of history, nothing more.  Don't expect us Americans (or US
residents) to feel guilty or go slit our wrists over it.  And for whatever
reason, English does seem to serve as a common tongue in the world of
technology -- again, I'm not going to apologize for it.  (And it doesn't
stop us from working hard to figure out how to represent ALL the languages
of humanity in digital form)  

Please forgive my typing -- my daughter is keeping one arm busy.  
-- Ian King, Speech Product Group, MICROSOFT CORPORATION

-Original Message-
From: Masataka Ohta [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 15, 2000 3:39 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: IETF Adelaide and interim meetings for APPS WGs


Jeffry;

IETF is certainly US and English centric.

The current rules of IETF do not explicitly prefer some country
so much, though many important organizations have addresses in US
and English is the language of the rules. However, the rules keep
or amplify the US centric tendency, because a large number of US
participants means a large number of IAB/IESG members is likely to
be nominated.

Moreover, English centric IETF meetings are hard to be actively
attended by people whose primary language is not English. Compared
to other International organizations, IETF requires too much in
English capability. Worse, in IETF, inactive participation is
nothing.

Having a meeting in AU does not solve the latter, English, problem.

However,

> The problem I have with the Adelaide meeting is very simple.  With so
> few working groups holding sessions, I can't justify making the trip.
> This would be true for a meeting at any location more than 400 miles
> away.  If only one group that I am interested in is holding a session,
> I can't go.  The powers that be just won't approve it.

it is a good solution for the first, US, problem.

Moreover, you are saying that the recent problem of IETF that there are
too many bogus WGs with too many people is also solved.

Very good.

So, all the future IETF meetings should be held in areas far away
from US and, in addition, where English is not the major language.

There may be an exception once in 10 years, of course.

Masataka Ohta



RE: IP network address assignments/allocations information?

1999-12-08 Thread Ian King

Will this never end...? 

If you want to be able to control individual lightbulbs in your house, how
about an IP <-> X10 gateway?  X10 (as an example, not because I have any
particular attachment to it) is a useful protocol for controlling devices
(usually with limited "intelligence") within a home; that's what it was
designed for.  Do you use SMTP to program your router?  Let's use
appropriate protocols at appropriate times and places.  

PDA?  Why can't I talk to my home machine?  I do it all the time (not with a
PDA, but with other devices), even though the machine is inside a NAT
"boundary".  Yes, it took a little configuration magic, but nothing as
complex as e.g. RSIP.  

Why is this about "controlling the household from the outside"?  I thought
this thread was about "big companies controlling large private address
spaces"?  Or end-to-end UDP for the latest version of Quake?  Or SNMP to
flush my toilet from McMurdo Sound?  This thread has wandered over a lot of
territory.  

NAT IS A HACK.  Is it a useful hack?  In some circumstances, yes.  I use it,
without a lot of attention on it; my wife uses this computer to browse the
Web and read email, and when I say NAT she reaches for the bug spray.  :-)  

Does NAT work at the ISP level?  Depends on what the ISP is selling.  I had
a lot of problems with ISPs who wanted to sell me a "black box" of Internet
connectivity -- I'm a geek, I know what I want, and some of them didn't want
to sell it to me (in large part because their sales reps didn't understand
what I was talking about).  Does an AOL user care about his place in the
address space hierarchy?  Likely not, nor does he "purchase" a right to
care.  Do I care?  Yes, and I pay for it, and I get it.  

Does NAT work for corporations?  Depends on what they are hoping to buy with
it.  A NAT client at Foo Corp can attempt to access resources across the
net; if Bar Industries is also using NAT, Bar's NAT must be configured to
direct the incoming requests.  But that can work just fine.  Multilevel NAT
(i.e. within an organization) is as prone to problems as multilevel
marketing; Just Say No.  

Corporations can use firewalling, internal network addressing, and proxies.
Microsoft does this, and I rarely experience a situation in which I cannot
do the "end to end"-ish thing I want to do.  (You can't do it from outside,
but that's why it's a firewall.)  

NAT IS A HACK.  Why is there so much effort going in to somehow either
"legitimizing" it, or demonizing it?  As I've said before, I use it because
my ISP is greedy and wants a lot of money for more than one IP address; I
think they assume I'm doing something "commercial".  (I also pay a premium
for my DSL connection because it's not the base "consumer" speed, and USWest
assumes it's "commercial".)  As a side-effect, it creates a level of
security; my "inside" machines are not directly on the Internet, and it
makes it harder for them to be compromised.  (Not impossible, but harder,
and there's nothing there that makes it worth it.)  That's why I use NAT.  

Is NAT right for you?  NAT IS A HACK.  Does it serve your purposes?  If so,
cool, go for it.  If you are a vendor to others, does it serve your
customers' purposes?  If not, and you are selling them something you can't
and don't provide, then you are a crook and legal process should be invoked
to deal with you.  

Does SMTP give you "end to end connectivity" to each email user you address?
No, they can be on completely disjunct machines, with incompatible (or no)
network capabilities.  (When you send me email, you are NOT sending it to
the machine where I read it, nor could you get here from there.)  There are
certainly some protocols that fail without "real" end-to-end connectivity.
There are many that do not.  

It is an invalid assumption that, as a class, devices won't be able to
communicate with your home devices because of a NAT -- in some cases it's
true, in others, false, in others, it requires a little more hacking.  NAT
IS A HACK.  Maybe a particular circumstance requires a little more hacking,
maybe it requires an ALG, or maybe it requires a redesign of its protocol to
allow for NAT.  Question: is what you get, worth the effort?  Long term?  

NAT IS A HACK.  Let's step back and focus on ways to fix the problems that
led people to think of NAT in the first place, rather than trying to
engineer NAT as a long-term solution to those problems.  Perhaps NAT will
remain as a solution for a certain, smaller class of problems -- cool.  If
NAT isn't solving your problems, DO SOMETHING ELSE.  But building a world on
NAT is building a world on a HACK.  

PS: my bathroom light is OFF.

-Original Message-
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 07, 1999 7:41 PM
To: Tripp Lilley
Cc: Keith Moore; Daniel Senie; Perry E. Metzger; Randy Bush; ietf
Subject: Re: IP network address assignments/allocations information? 


> Is this really the "right" model for that sort of inter

RE: IP network address assignments/allocations information?

1999-12-06 Thread Ian King

Can we take this off the IETF list?  This sounds like a perfect argument for
the NAT list, rather than the general IETF list.  This has been going on for
days, and this single subject keeps overflowing my inbox  -- Ian 

-Original Message-
From: Josh Duffek [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 06, 1999 4:05 PM
To: Josh Duffek; Polinsky, Steven; [EMAIL PROTECTED]
Cc: 'Perry E. Metzger'; J. Noel Chiappa; [EMAIL PROTECTED]
Subject: RE: IP network address assignments/allocations information?


Classless routing rather :)

Josh

> -Original Message-
> From: Josh Duffek [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 06, 1999 5:44 PM
> To: Polinsky, Steven; [EMAIL PROTECTED]
> Cc: 'Perry E. Metzger'; J. Noel Chiappa; [EMAIL PROTECTED]
> Subject: RE: IP network address assignments/allocations information?
>
>
> In a perfect world with proper network design I would have to disagree
> with you.  I believe that properly subnetted the private address space
> allocated would be enough.  Classful routing and VLSM should take care
> of this problem.
>
> But in the real world, with not so great network design I have seen many
> cases where more space is needed.
>
> Josh
> [EMAIL PROTECTED]
>
> > -Original Message-
> > From: Polinsky, Steven [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, December 06, 1999 5:20 PM
> > To: '[EMAIL PROTECTED]'
> > Cc: 'Perry E. Metzger'; J. Noel Chiappa; [EMAIL PROTECTED]
> > Subject: RE: IP network address assignments/allocations information?
> >
> >
> > I'm not advocating one technology over another. I am claiming that in
> > the IPV4/Private/Public/NAT world, a bigger pool of Private space would
> > be a big help to many organizations.
> >
> > Steven
> >
> > Steven M. Polinsky
> > Vice President, Information Technology
> > Goldman, Sachs & Co.
> > 180 Maiden Lane
> > New York, NY 10038
> > 212-902-3669
> >
> >
> > -Original Message-
> > From: Jeffrey Altman [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, December 06, 1999 6:08 PM
> > To: Polinsky, Steven
> > Cc: 'Perry E. Metzger'; J. Noel Chiappa; [EMAIL PROTECTED]
> > Subject: RE: IP network address assignments/allocations information?
> >
> >
> > > To me the biggest problem here, is the common situation such that
> > > companies have separate (and necessary) Internet and Remote Access
> > > firewalls. RA firewalls exist in multiple global locations within an
> > > enterprise.
> > >
> > > Multiple instances of the same Private addresses would enter (or exit)
> > > the enterprise network via Private lines from different companies if
> > > not for careful configuration management across and negotiation
> > > between "NAT Administrators", within the enterprise, and between
> > > enterprises. The most difficult part is the negotiation with
> > > client/vendor site NAT Admins as to who should NAT which addresses
> > > into which addresses. We often need to negotiate between 3 RA
> > > connected companies. Not only is this painful, but one can never sleep
> > > comfortably, knowing that a NAT Admin at a 3rd company will not make a
> > > mistake and connect someone new at our NATed address.
> > >
> > > There are not enough Private Addresses to go around.
> >
> > This sounds to me like more of an argument why private addresses
> > should be used on networks connected to public networks.  It is not
> > an argument for more private networks but for the move to IPv6 and
> > the banning of NATs.
> >
> >
> > Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
> >  The Kermit Project * Columbia University
> >   612 West 115th St #716 * New York, NY * 10025
> >   http://www.kermit-project.org/k95.html *
> > [EMAIL PROTECTED]
> >
>



RE: IP network address assignments/allocations information?

1999-12-02 Thread Ian King

So what you're saying is that NAT doesn't scale well, at least from a
management perspective.  I'm not surprised.  Again, I would suggest that NAT
is not a silver bullet, but rather a useful "hack" in some circumstances.
The situation you describe appears to be demonstrative of its limitations.
(BTW, one time I forgot to change the NAT rules when I moved my sendmail
server on my four-machine network, and)  :-) 

But then again, I would expect that a large corporation would see the need
to own a large address space, rather than attempting to "pseudo-expand" its
address space through the use of NAT.  (My company, with a fairly
substantial intranet, uses proxying as its internal solution.)  Maybe I
don't understand the usage you're describing, but the point I keep trying to
make is that NAT isn't evil; that doesn't mean it solves every problem, OR
that it should be re-engineered so that it does.  -- Ian 

-Original Message-
From: Perry E. Metzger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 02, 1999 2:54 PM
To: Ian King
Cc: 'Richard Shockey'; Keith Moore; [EMAIL PROTECTED]
Subject: Re: IP network address assignments/allocations information?



Ian King <[EMAIL PROTECTED]> writes:
> And yes, additional IP addresses were going to cost dramatically more.
> NAT was a simple case of economics... but on the other hand, I don't
> experience any "lack" because of it.

You aren't a large corporation trying to deal with huge numbers of
private customer connections running over IP. When you've been
awakened in the middle of the night every night for a week, because
the NAT rules to deal with the fact that you have several
intercommunicating networks all of which think they're 10.0.0.0/8 have
become so complex no human can really remember them all any more,
you'd experience what many of the rest of us feel week after week. The
lack in question is a lack of sleep.

Anyone out there who thinks NAT works well and is harmless is not
familiar with how the brave new world of pseudo-internetworking
works.

"Oh, no. When we moved the mail hub for the client access networks in
location A, it seems no one remembered to update the NAT rules for the
systems in location C. That's why the help desk has been inundated
for three days..."

Perry
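
An added example, not part of the original messages: a small audit of the
kind of NAT plan described in the two quoted passages above (several partner
networks that all use 10.0.0.0/8, and the worry that another NAT admin maps
someone onto an already used translated address). The partner names, prefixes
and the table layout are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (hypothetical names and prefixes): each private-line
# partner, the prefix it uses internally, and the pool it is translated into.
OWN_NETS = ["172.17.64.0/18"]
LINKS = [
    {"partner": "vendor-a", "inside": "10.0.0.0/8", "nat_to": "172.16.0.0/16"},
    {"partner": "vendor-b", "inside": "10.0.0.0/8", "nat_to": "172.17.0.0/16"},
    {"partner": "client-c", "inside": "192.168.1.0/24", "nat_to": "172.16.128.0/17"},
]


def _net(prefix):
    # strict=True rejects prefixes with host bits set (a common typo).
    return ipaddress.ip_network(prefix, strict=True)


def audit(links, own_nets):
    """Return findings as (kind, party_a, party_b, prefix_a, prefix_b).

    kind "inside": two partners use overlapping internal space, so traffic
                   from both must be translated before it can be routed.
    kind "nat_to": two translated pools overlap, so one mapping shadows
                   the other (the mistake the NAT admins must not make).
    kind "own":    a translated pool overlaps the enterprise's own space.
    """
    findings = []
    for a, b in combinations(links, 2):
        for field in ("inside", "nat_to"):
            if _net(a[field]).overlaps(_net(b[field])):
                findings.append(
                    (field, a["partner"], b["partner"], a[field], b[field]))
    for link in links:
        for own in own_nets:
            if _net(link["nat_to"]).overlaps(_net(own)):
                findings.append(
                    ("own", link["partner"], "enterprise", link["nat_to"], own))
    return findings


if __name__ == "__main__":
    for finding in audit(LINKS, OWN_NETS):
        print(*finding)
```

Running a check like this whenever the mapping table changes catches
collisions before a rule reaches a firewall; it does not remove the
pairwise negotiation between sites that the messages describe.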



RE: IP network address assignments/allocations information?

1999-11-30 Thread Ian King

I think the below statement provides important perspective.  NAT is not the
Antichrist, nor is it salvation.  Much of the work on "improving" NAT seems
much like "improving" the Band-Aid so it will last for a year, although no
one wears one for more than a couple of days!  When IPv6 is deployed and
everyone's toaster can have its own IP address, I suspect that most folks
will be perfectly happy to decommission their NAT boxes.  

Firewalls are another and likely more significant issue.  However, focusing
on firewalls narrows the issue considerably; how many corporations are
concerned whether their firewalls are Quake-friendly?  For those protocols
that are of interest to users of firewalls, the necessary work can be done
to either build ALGs, figure out tunneling methods, or design
firewall-friendly protocols; that work will be driven by a business need,
rather than an academic discussion of what "should" work.  

It's important to know which protocols are broken by NAT and firewalls --
Keith Moore's work on that is very useful.  But does each instance of
"breakage" represent something that needs to be "fixed"?  Part of this
problem (NAT) will almost certainly go away; the other part (firewalls)
requires at most a subset solution.  

Maybe we're trying too hard?  :-)  -- Ian 

-Original Message-
From: Tony Dal Santo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 30, 1999 8:29 AM
To: [EMAIL PROTECTED]
Subject: Re: IP network address assignments/allocations information?


[snip]

While NAT is an adequate stopgap solution to IP address dilemmas, in my
opinion, it shouldn't be the final solution.

[snip]



RE: IP network address assignments/allocations information?

1999-11-29 Thread Ian King

Yes, my ISP is charging me for my DNS entry -- a static entry made once in a
zone file, but I'm paying monthly to have a domain name!  Never mind that I
don't use their mail server or Web page service or DNS server  

And yes, additional IP addresses were going to cost dramatically more.  NAT
was a simple case of economics... but on the other hand, I don't experience
any "lack" because of it.  I don't play UDP-based games or employ any of the
other relatively new protocols that are so sensitive to end-to-end-ness
(should they be? was that a valid assumption?), so a NAT is a great solution
for me.  

NAT would be bad if an ISP were using it to artificially expand its address
space; the use of NAT at the "small-time" end user's site seems quite
practical and beneficial, especially in a world where ISPs are going to hold
up non-naive users for ransom.  Cheers -- Ian 

-Original Message-
From: Richard Shockey [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 29, 1999 8:00 PM
To: Keith Moore
Cc: [EMAIL PROTECTED]
Subject: Re: IP network address assignments/allocations information? 


At 07:02 PM 11/29/1999 -0500, Keith Moore wrote:
> > Many of the people who have deployed NATs are responding directly to the
> > address scarcity (and resultant cost). If you consider that many ISPs now
> > have different pricing models for multiple IP addresses than they do for a
> > single (regardless of bandwidth used), it isn't surprising.
>
>no, not surprising (and in fact some people predicted it), but
>it is surely unfortunate.

I can personally testify to the above comments. Consider...we are all IP 
professionals ...so we'd like to occasionally play with all of the 
wonderful toys we've built...at home. Our fathers stuck their heads under 
the hoods of cars or played with short wave radios...we play with IP.

Now try and ask your friendly neighborhood DSL or Cable Modem provider 
about getting a nice chunk of IP addresses. Well we all know what DSL 
really means ..._D_riveway _S_ite _L_iaison  or the modern version of "Who's 
on first?".

You want to run a web server, DNS (from home?)  IPP printer accessible 
printer ( DUH what's IPP?), SIP phone .. pick your application.  To the 
service providers the request for IP addresses is some sort of strange 
signal that you're running an eCommerce site from home or worse a Game/Porn 
site. Something that they believe they should charge more money for.

The path of least resistance is to just install a NAT. The market for NAT 
device/software products is being driven in part by the lack of IP4 
numbers but certainly the lack of knowledge, marketing skills or just plain 
greed of the ISP community.


 >>
Richard Shockey
Shockey Consulting LLC
8045 Big Bend Blvd. Suite 110
St. Louis, MO 63119
Voice 314.918.9020
eFAX Fax to EMail 815.333.1237 (Preferred for Fax)
INTERNET Mail & IFAX : [EMAIL PROTECTED]
GSTN Fax 314.918.9015
MediaGate iPost VoiceMail and Fax 800.260.4464
<<



RE: Call for Discussion on I18N Domain Names WG Charter

1999-11-22 Thread Ian King

These items sound IMHO like important groundwork for that latter document.
By focusing on such things as these early, a WG avoids getting bogged down
in religious wars OR reinventing yet another wheel.  Once these two
Informational RFCs are written, either this WG or another can always "do the
math" to determine if there is already a workable solution in existence, or
more work is needed.  

This is an interesting problem.  I for one intend to come play  :-)  

-- Ian 

-Original Message-
From: John Gilmore [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 22, 1999 12:36 AM
To: James Seng
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Marc
Blanchet; J. William Semich; Shigeki Goto; Tan Tin Wee; [EMAIL PROTECTED]
Subject: Re: Call for Discussion on I18N Domain Names WG Charter 


> The Action Item(s) for the Working Group are
> 
> 1. An Informational RFC specifying the requirements for I18N of Domain
>Names and considerations for developing a solution to the problem.
> 
> 2. An Informational RFC documenting down the various proposal and 
>Implementation of I18N of Domain Names. 

Wouldn't it be better for the WG to have an explicit goal of defining
standards-track protocols and operational requirements for
internationalization of the domain name system?  Informational RFC's
are useful, but not nearly as useful as interoperable standardized
protocol implementations.

John