[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bidding down attach on NAT-T

To: Steve Dispensa <dispensa@positivenetworks.net>
Subject: Re: bidding down attach on NAT-T
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Tue, 18 Mar 2003 22:57:36 +0100
cc: Derek Atkins <derek@ihtfp.com>, Charlie_Kaufman@notesdev.ibm.com, Andrew Krywaniuk <askrywan@hotmail.com>, ipsec@lists.tislabs.com
In-reply-to: Your message of 12 Mar 2003 20:23:04 CST. <1047522184.2078.25.camel@bilbo>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

   IPSEC (as implemented) is a massive pain wrt NAT.
   Even if users have a choice to remove their NAT (i.e. their home
   Linksys router), they usually don't want to or can't.
   
=> I believe you assume far too much about the power of the IETF.
The only useful thing that IETF can (should!) do is to define
a good NAT traversal mechanism. To make its support mandatory is
only annoying for implementors, this doesn't make it more available
on the market...

   I realize there are lots of other ways for IPSEC to be employed, but
   remote network access is certainly a key area that is hurting because
   of this.  I strongly recommend a MUST for NAT-T.
   
=> reread RFC 2119.

Regards

Francis.Dupont@enst-bretagne.fr

References:
- Re: bidding down attach on NAT-T
  - From: Steve Dispensa <dispensa@positivenetworks.net>

Prev by Date: Re: "Me Tarzan, You Jane" in IKEv2-05
Next by Date: RE: "Me Tarzan, You Jane" in IKEv2-05
Prev by thread: Re: bidding down attach on NAT-T
Next by thread: I-D ACTION:draft-ietf-ipsec-esp-v3-04.txt
Index(es):
- Date
- Thread