Spencer Dawkins wrote: >> Mind you, I'm not saying that protocols should always use a UDP >> shim layer. But I think the tradeoffs in favor of doing so are a bit >> stronger >> than you seem to think. > > This is my chance to act the naif for Valentine's Day, but ... > > I agree that UDP shims improve your ability to get through a NAT in the > short term. However (and especially given Melinda pointing out that NATs > impede connectivity for technical reasons, but firewalls impede connectivity > for policy reasons), we need to recognize that this is an arms race. Thats why you need to separate it. Running ontop of UDP and TCP means that your protocol can function through a NAT which exists for the purpose of NAT, regardless of firewall and administrative policy. And it means its in a format that your firewall vendor COULD manage policy for. It removes the TECHNICAL barriers to working on the Internet, leaving just the POLICY barriers. Now, that doesn't address the problem of how we do a better job of managing those policy barriers. But one step at a time. -Jonathan R. -- Jonathan D. Rosenberg, Ph.D. 499 Thornall St. Cisco Fellow Edison, NJ 08837 Cisco, Voice Technology Group jdrosen@xxxxxxxxx http://www.jdrosen.net PHONE: (408) 902-3084 http://www.cisco.com _______________________________________________ Ietf@xxxxxxxx http://www.ietf.org/mailman/listinfo/ietf