> Mind you, I'm not saying that protocols should always use a UDP
> shim layer. But I think the tradeoffs in favor of doing so are a bit
> stronger than you seem to think.

This is my chance to act the naif for Valentine's Day, but ...

I agree that UDP shims improve your ability to get through a NAT in the short term. However (and especially given Melinda pointing out that NATs impede connectivity for technical reasons, but firewalls impede connectivity for policy reasons), we need to recognize that this is an arms race.

You may have better NAT-traversal characteristics using a UDP shim, but as soon as some firewall administrator says "gee, I wonder what's running over that UDP 5-tuple - gosh, it might be dangerous", you're dead, either way.

Is there a firewall administrator's guide that DOESN'T say "deny all ports, and then open up the ports you need to open"?

I've only encountered one hotel network that denied everything except HTTP, but that has happened - and then we really are back to the land of [RFC3205].

Thanks,

Spencer

_______________________________________________
Ietf@xxxxxxxx
http://www.ietf.org/mailman/listinfo/ietf