margaret@xxxxxxxxxxxxxx (Margaret Wasserman) wrote on 23.11.04 in <p0602041fbdc8cdee09b3@[192.168.2.2]>:

> The average Internet user (home user or enterprise administrator)
> does not care about the end-to-end principle or the architectural
> purity of the Internet.

Maybe not the average user, but a pretty large subset *does* care - because it makes it extremely hard to do what they want: to make a connection to their small business network (behind a dynamic IP) from somewhere else (also behind a dynamic IP).

It's possible (using one of a large number of dynamic DNS providers), but it is neither obvious nor trivial - in fact, it is hard for them to understand even what the problem is.

I just yesterday talked someone through this - a (small) business net admin wanting to access that net from home. This was someone who does database programming and at least sometimes creates networks for customers. And he *still* had a hard time with the consequences of dynamic IP and NAT.

No, it's not the majority - but yes, it *is* a pretty significant subset. You don't need to be all that far apart from average to bloody your nose on this.

> (2) One-way connectivity could be provided via stateful firewalls
> instead of via NAT.

You don't need all that much state for most of the protection. Just looking at TCP SYN does cover about 75% of the problem, I'd say, and that's completely stateless. (Not to say that the other 25% aren't important.)

Kind regards, Kai
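The stateless TCP SYN check mentioned in the reply above, as an added example that is not part of the original message: a per-packet verdict for traffic arriving from outside, with no connection table. The function names, the drop/pass policy for non-TCP traffic and the sample packets are assumptions constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits

def build_ipv4(proto, payload):
    """Constructed sample packet: minimal 20-byte IPv4 header, checksum left 0."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    return hdr + payload

def build_tcp(flags, sport=40000, dport=22):
    """Constructed 20-byte TCP header carrying only the given flag bits."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)

def inbound_verdict(packet):
    """Decide on one inbound packet by itself (assumes unfragmented IPv4)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"                    # not parseable as IPv4
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    if packet[9] != 6:
        return "pass"                    # not TCP: the SYN test has nothing to say
    if ihl < 20 or len(packet) < ihl + 14:
        return "drop"                    # TCP flags byte is missing
    flags = packet[ihl + 13]
    if flags & SYN and not flags & ACK:
        return "drop"                    # outside host trying to open a connection
    return "pass"                        # everything else, including SYN+ACK replies

def demo():
    """Run the check over constructed samples; returns {description: verdict}."""
    samples = {
        "inbound SYN (new connection from outside)": build_ipv4(6, build_tcp(SYN)),
        "SYN+ACK (reply to an outbound connection)":
            build_ipv4(6, build_tcp(SYN | ACK, sport=443, dport=40000)),
        "bare ACK (no matching connection, not caught)": build_ipv4(6, build_tcp(ACK)),
        "UDP datagram (not covered by the SYN test)": build_ipv4(17, b"\x00" * 8),
    }
    return {name: inbound_verdict(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:5} {name}")
```

The last two samples pass because the check keeps no record of which connections were opened from inside; telling those apart is where per-connection state becomes necessary.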