On Monday 01 December 2008 16:13:05 ext Matt Mathis, you wrote:
> On Mon, 1 Dec 2008, Hesham Soliman wrote:
> >>> => Well, I'm not sure how a NAT can do that. You mean the NAT will
> >>> parse the binding update message deep inside the IPv6 extension
> >>> header in the inner IP packet? This is where the original address
> >>> is preserved. To do that, a NAT would have to understand the
> >>> various MIPv6 options, and if it did, it would know not to do
> >>> that :) The inner header is IPv6, so a NAT should not touch that.
> >>
> >> My understanding from the STUN work is that NATs have been observed
> >> which rewrite any sequence of four aligned bytes matching the source
> >> IP address, irrespective of its location within the packet (section
> >> 15.2 of RFC 5389).
> >
> > => Sounds freightning! May be we need to mandate encryption and hope that
> > no 4-byte sequence matched the IP address? What do they do with encrypted
> > packets? How do they know they're encrypted?
>
> I'd really hate to have address 32.116.104.101 (" the")....
> Such devices can't possibly survive, can they?
Depends what you need to survive...
If you only do DNS and a few TCP-based protocols which the brain-damaged ALG
would not affect, it might just work. We probably don't care about MIP not
passing through such abomination though.
--
Rémi Denis-Courmont
Maemo Software, Nokia Devices R&D
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf