[VOIPSEC] IPv6 and the demise (or not) of NAT (was Re: Interactive Connectivity Establishment (ICE))
pbaker at verisign.com
Mon Nov 14 19:51:35 GMT 2005
While I agree with your conclusion, I don't think you can carry the argument using 'don't go there'.
NAT is nothing more than a return to the original concept of an internetwork, a network of networks. The fact that there is ip traffic on both sides doe not change the need for gates and gatekeepers.
There are still people who don't get security, they are still wrapped up in theological discussions on end to end. Like many theologians through the ages the texts they cite are usually silent on the case they claim or actually say the opposite. End to end is no exception, the original paper is not a security argument.
The point is that if people want voip to work well through nat it would be best to write the missing spec that allows a device to tell the firewall what it wants to do, how it will do it and ask the nat/firewall nicely to be let through.
Let's get out of the business of ad hoc workarounds.
From: Robert Moskowitz [mailto:rgm at icsalabs.com]
Sent: Mon Nov 14 11:24:59 2005
To: dan_york at Mitel.com; Geoff Devine
Cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] IPv6 and the demise (or not) of NAT (was Re: Interactive Connectivity Establishment (ICE))
At 02:26 AM 11/14/2005, dan_york at Mitel.com wrote:
>Goeff, (or the (many?) others who have opinions on this subject)
> > Any solution to this problem is imperfect until we all migrate to IPv6
> > where NAT is no longer necessary.
Throughout the IPng discussions, I had always held that NAT would not
go away. Neither for corporate use or for home use.
And this is not just because I am one of the authors of RFC 1918!
The arguements are many; I don't see any value of going into it here.
Just don't build your IPv6 business plan on no more NATs....
For time is the longest distance between two places.
Voipsec mailing list
Voipsec at voipsa.org
More information about the Voipsec