[VOIPSEC] IPv6 and the demise (or not) of NAT (was Re: Interactive Connectivity Establishment (ICE))

Bipin_Mistry at 3com.com Bipin_Mistry at 3com.com
Mon Nov 14 15:52:25 CST 2005


So I agree with you Phillip.  There should be a standard way of telling 
the Firewall which ports it needs to open and close and not rely on 
session border controllers.



"Hallam-Baker, Phillip" <pbaker at verisign.com> 
Sent by: Voipsec-bounces at voipsa.org
11/14/2005 02:51 PM

To: "Robert Moskowitz" <rgm at icsalabs.com>, <dan_york at Mitel.com>, "Geoff Devine" <gdevine at cedarpointcom.com>
cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] IPv6 and the demise (or not) of NAT (was Re: Interactive Connectivity Establishment (ICE))






While I agree with your conclusion, I don't think you can carry the 
argument using 'don't go there'.

NAT is nothing more than a return to the original concept of an 
internetwork, a network of networks. The fact that there is IP traffic on 
both sides does not change the need for gates and gatekeepers.

There are still people who don't get security, they are still wrapped up 
in theological discussions on end to end. Like many theologians through 
the ages the texts they cite are usually silent on the case they claim or 
actually say the opposite. End to end is no exception, the original paper 
is not a security argument.

The point is that if people want VoIP to work well through NAT it would be 
best to write the missing spec that allows a device to tell the firewall 
what it wants to do, how it will do it and ask the NAT/firewall nicely to 
be let through.

Let's get out of the business of ad hoc workarounds.



-----Original Message-----
From:   Robert Moskowitz [mailto:rgm at icsalabs.com]
Sent:   Mon Nov 14 11:24:59 2005
To:     dan_york at Mitel.com; Geoff Devine
Cc:     Voipsec at voipsa.org
Subject:        Re: [VOIPSEC] IPv6 and the demise (or not) of NAT (was Re: 
Interactive Connectivity Establishment (ICE))

At 02:26 AM 11/14/2005, dan_york at Mitel.com wrote:
>Geoff,  (or the (many?) others who have opinions on this subject)
>
> > Any solution to this problem is imperfect until we all migrate to IPv6
> > where NAT is no longer necessary.

Throughout the IPng discussions, I had always held that NAT would not
go away.  Neither for corporate use nor for home use.

And this is not just because I am one of the authors of RFC 1918!

The arguments are many; I don't see any value of going into it here.

Just don't build your IPv6 business plan on no more NATs....



For time is the longest distance between two places.

Tennessee Williams



_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
