In message <6.2.3.4.2.20050906181309.07350830@xxxxxxxxxxxxxxxxx>, Daniel Senie writes:
>At 06:00 PM 9/6/2005, you wrote:
>> >> The IETF has been doing extensive work on NAT traversal, have a look
>> >> and see if you can reuse some existing mechanism.
>> >>
>> > All mechanisms used with the possible exception of an additional SNMP
>> > table will be re-used from existing IETF work (mostly SSH with help
>> > from the fact that it's based on TCP).
>>
>>Perhaps then it's time we consider mandating a "NAT-Traversal" section to
>>standards track documents much like IANA and Security considerations have
>>become commonplace to this day. Anything that's not covered by the BEHAVE
>>work already done should be covered there, as the IETF seems to have indeed
>>accepted the proliferation and widespread acceptance of NAT functionality.
>
>Actually, a "Firewall Considerations" section would make sense. That
>section might indeed be a good place to discuss NAT issues, if any,
>but firewall interactions with protocols exist in many cases where
>NAT is in use. Though many have expressed their hope that NAT does
>not persist in the IPv6 world, there should be no doubt in anyone's
>mind that firewalls will be with us permanently.
>

Indeed. In Hal Burch's dissertation, he concluded that at least 93% of hosts attached to the Internet are behind a filtering device of some type. Because this excludes hosts behind firewalls that block all incoming connection attempts, the true percentage is even higher than 93%. Clearly, firewalls are an important consideration when designing protocols and developing models for the Internet.

More of his measurements concluded that at least 56% of hosts are behind a firewall that blocks by default.