Joel M. Halpern wrote: > As far as I can tell, most of what is being asked for here has little, > if anything, to do with NAT. To paraphrase: > > If we are going to have firewalls which block incoming connections, > communication between entities behind such firewalls should still be > possible without any "external" servers. > > That is a tall (not impossible, but quite tall) order, which we have > attempted to address several times with little effect. > > And let us be very clear. Network admins have been asking for and using > such features for at least 18 years, well before NAT. > > I would recommend separating the problems. The NAT solution, as I > understand it, does not make this problem worses. That is about all one > can ask of the NAT side of the equation. the problem with separating the problem is that we'll solve the "easy" part first (the NAT part) and put off trying to solve the biggest part of the problem that is really keeping applications from working efficiently or reliably ... and meanwhile we'll have done nothing to improve security either. Keith _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf