At 0:30 +0200 7/09/05, Iljitsch van Beijnum wrote:
> On 7-sep-2005, at 0:16, Daniel Senie wrote:
>
>> Actually, a "Firewall Considerations" section would make sense.
>
> What would be in such a section? There are only three possibilities:
>
> 1. There is no firewall: no need for text.
> 2. There is a firewall, and it doesn't try to block the protocol: no
>    need for text.
> 3. There is a firewall, and it tries to block the protocol.
>
> So what text would be helpful in case #3? Either the firewall
> successfully blocks the protocol and the firewall works and the
> protocol doesn't, or the firewall doesn't manage to block the
> protocol and the protocol works but the firewall doesn't. So
> whatever happens, someone is going to be unhappy.

It could at least discuss the question "is the protocol designed in
such a way that firewall management is reasonably enabled?". Two
obvious counter-examples come to mind: non-passive-mode FTP, and the
use of RTSP with RTP (and having to enable traversal for the RTP/RTCP
ports).

Then it could discuss whether this protocol can be individually
isolated and decisions on firewall handling be made in isolation for
it, or whether it is effectively bundled with other protocols which
will have to be handled together, and whether that 'bundle' is in
fact appropriate (e.g. if it layers on HTTP, is that appropriate?).

There are probably other questions as well.
--
David Singer
Apple Computer/QuickTime
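
The two counter-examples named in the message above share one property: the endpoint of the secondary flow is announced inside the control channel, so a firewall must parse that channel to know what to allow. The sketch below is an added example, not part of the original message; the function names and the sample lines are hypothetical and constructed for illustration.

```python
import re

# Constructed control-channel lines (sample data, not captured traffic).
SAMPLE_LINES = [
    "PORT 192,0,2,10,195,80",
    "Transport: RTP/AVP;unicast;client_port=4588-4589",
    "USER anonymous",
]

def ftp_port_endpoint(line):
    """Endpoint announced by an active-mode FTP PORT command (RFC 959)."""
    m = re.fullmatch(r"PORT (\d{1,3}(?:,\d{1,3}){5})", line.strip(), re.I)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None  # malformed octet: never open a pinhole for it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def rtsp_client_ports(line):
    """RTP/RTCP client ports from an RTSP Transport header (RFC 2326)."""
    if not line.lower().startswith("transport:"):
        return None
    m = re.search(r"client_port=(\d+)-(\d+)", line)
    if not m:
        return None
    ports = int(m.group(1)), int(m.group(2))
    return ports if all(0 < p <= 65535 for p in ports) else None

def dynamic_pinholes(control_lines):
    """Secondary flows a firewall only learns about by parsing the control channel."""
    rules = []
    for line in control_lines:
        ftp = ftp_port_endpoint(line)
        if ftp:
            rules.append(("tcp", ftp[0], ftp[1]))  # server connects back to client
        rtsp = rtsp_client_ports(line)
        if rtsp:
            rules.extend(("udp", None, p) for p in rtsp)  # media toward client ports
    return rules

if __name__ == "__main__":
    for rule in dynamic_pinholes(SAMPLE_LINES):
        print(rule)
```

If the control channel is encrypted, none of these endpoints are visible to the firewall, which is one reason such designs are hard to manage.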