> Hallam-Baker, Phillip wrote: > > People appear to be so caught up in whether we should be > supporting NAT that > > the issue of how to support NAT is forgotten about. > > Agreed. However, at some point we're writing laws for the > lawless. NATs > exist only by breaking what few real standards we've had in the > Internet. Writing standards for the rest of us to traverse a moving, > lawless target is not necessarily productive, IMO. Most of the NAT vendors are engaged in IETF and have shown wilingness to comply with IETF standards, provided they allow them to get their job done. NAT has an important security role. We deploy it because our customers want to conceal their IP addresses against traffic analysis. Given that in the original Internet design IP was just the protocol run on the 'network of networks' I don't think that the claims that NAT is foreign to the Internet is valid. NAT appears to me to be part and parcel of the original concept. > email is a specious analogy, because many of the legacy systems were > implemented before, not in defiance of, Internet specs. Many of the problems with email are caused by compliance with IETF specs that were based on a broken model. The idea that servers should perform character set translation was broken, as was the idea that servers should do line wrapping for the client. But those servers are out there. When we designed HTTP all sorts of people were telling us that the protocol should assume that proxies mangle headers in the same way that mail agents do. Some well known IETF folks were screaming and stamping their feet, claiming that we should transport all images using BASE64 encoding, in case someone was using a connection that was not 8 bit clean. But as I said, it does not matter how we got into the swamp or whose fault it is. We are now in the swampt and we cannot get out of it using the mathematicians technique 'assume that we are on dry land'. Phill
Phillip Hallam-Baker (E-mail).vcf