On Jun 30, 2011, at 3:24 AM, Fernando Gont wrote:

> On 06/30/2011 02:26 AM, Keith Moore wrote:
>> Rather than having another of an endless series of discussions about
>> the merits of NAT or lack thereof, can we just agree that it should
>> not be pre-ordained that this WG should assume NAT as a solution?
>
> I was originally arguing, at the very least, in favour of a stateful
> firewall at the border.

I don't think the WG should be bound by existing technologies and assumptions. Perimeter security of some kind is probably appropriate. That doesn't mean that it has to look like firewalls do today. For one thing, users shouldn't have to muck with the details of which ports to allow. For another, trying to make security decisions be based on source IP address is ridiculous. And the idea that every application server on a home network needs to negotiate access through some application-specific external server (as is generally the case with NATs today) is also ridiculous.

> Please correct me if I'm wrong, but this is what the IETF has already
> proposed (output of v6ops) for v6.

For some strange reason, I'm not particularly impressed with the output of v6ops lately. Especially in their ability to consider the interests of the broader Internet.

Keith