[anonsec] Connection Latching draft review (draft-ietf-btns-connection-latching-04.txt)
Black_David@emc.com
Wed Jan 9 08:22:31 PST 2008
Nico,
> > > > -- NATs
> > > >
> > > > p.5 says:
> > >
> > > Well, does it hurt to have this? I suppose this could be a MAY, if
> > > implementors object (or it could be downgraded to MAY or removed
> > > altogether when in the progression to Standard).
> > >
> > > I don't feel too strongly about it, but I also don't feel too strongly
> > > about discouraging the use of NATs (face it: NATs are here to stay, at
> > > least in the IPv4 world).
> >
> > This isn't about discouraging use of NATs; I completely agree
> > that NATs are a fact of life for IPv4. This is about avoiding
> > encouragement of NAT-specific code in protocols and applications
> > that don't need it (i.e., work just fine with IPsec NAT traversal).
>
> I think this text doesn't do that at all. Why would application
> developers bother to ask about NAT-related information when
> they already know that their app works with IPsec NAT traversal?

Because there's a "SHOULD" in the standard written by people who
may have more of a clue about NATs.

> > Think of the goal as "damage containment" - it does hurt to
> > encourage unnecessary attempts to deal with NATs. It may be ok
> > to have the interface if the interface adds value to what apps
> > already have to do to cope with NATs, but there should be a
> > rationale for the added value.
>
> But also, and more to the point, as long as we accept the existence of
> NATs we might as well accept the existence of protocols which need help
> to traverse them, and then we should accept some of the responsibility for
> helping them.
>
> I'd reverse your question and ask how making this information available
> to the application developer encourages the development of new
> applications that need help in order to traverse NATs.

I hereby renew my membership in the "if in doubt, leave it out"
design camp ;-). In any case, I'm ok with making the requirement
a MAY, at least for now.
Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
black_david at emc.com Mobile: +1 (978) 394-7754
----------------------------------------------------