[VOIPSEC] IPv6 and the demise (or not) of NAT (was Re: Interactive Connectivity Establishment (ICE))
Bipin_Mistry at 3com.com
Mon Nov 14 15:52:25 CST 2005
So I agree with you Phillip. There should be a standard way of telling
the Firewall which ports it needs to open and close and not rely on
session border controllers.
"Hallam-Baker, Phillip" <pbaker at verisign.com>
Sent by: Voipsec-bounces at voipsa.org
11/14/2005 02:51 PM
To
"Robert Moskowitz" <rgm at icsalabs.com>, <dan_york at Mitel.com>, "Geoff
Devine" <gdevine at cedarpointcom.com>
cc
Voipsec at voipsa.org
Subject
Re: [VOIPSEC] IPv6 and the demise (or not) of NAT (was Re: Interactive
Connectivity Establishment (ICE))
While I agree with your conclusion, I don't think you can carry the
argument using 'don't go there'.
NAT is nothing more than a return to the original concept of an
internetwork, a network of networks. The fact that there is ip traffic on
both sides does not change the need for gates and gatekeepers.
There are still people who don't get security, they are still wrapped up
in theological discussions on end to end. Like many theologians through
the ages the texts they cite are usually silent on the case they claim or
actually say the opposite. End to end is no exception, the original paper
is not a security argument.
The point is that if people want voip to work well through nat it would be
best to write the missing spec that allows a device to tell the firewall
what it wants to do, how it will do it and ask the nat/firewall nicely to
be let through.
Let's get out of the business of ad hoc workarounds.
-----Original Message-----
From: Robert Moskowitz [mailto:rgm at icsalabs.com]
Sent: Mon Nov 14 11:24:59 2005
To: dan_york at Mitel.com; Geoff Devine
Cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] IPv6 and the demise (or not) of NAT (was Re:
Interactive Connectivity Establishment (ICE))
At 02:26 AM 11/14/2005, dan_york at Mitel.com wrote:
>Geoff, (or the (many?) others who have opinions on this subject)
>
> > Any solution to this problem is imperfect until we all migrate to IPv6
> > where NAT is no longer necessary.
Throughout the IPng discussions, I had always held that NAT would not
go away. Neither for corporate use nor for home use.
And this is not just because I am one of the authors of RFC 1918!
The arguments are many; I don't see any value of going into it here.
Just don't build your IPv6 business plan on no more NATs....
For time is the longest distance between two places.
Tennessee Williams
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org