Re: Use of HTTP to pass firewalls

From: Patrik Fältström <paf@cisco.com>
Date: Wed, 22 Aug 2001 18:25:11 +0200
To: Keith Moore <moore@cs.utk.edu>
cc: Keith Moore <moore@cs.utk.edu>, Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>, jpalme@dsv.su.se, discuss@apps.ietf.org
Message-ID: <2345724.998504711@localhost>
--On 01-08-22 11.23 -0400 Keith Moore <moore@cs.utk.edu> wrote:

>> Is (1) and/or (2) ok?
> 
> no.  the last thing we need is to legitimize things that put brittle 
> per-flow state inside the network, intercept traffic for third parties,
> increase the dependence on DNS reliability (making the network less
> reliable), break existing applications, and reduce the flexibility of new
> applications.
> 
> you can't fix the NAT problem with hacks like this.  it only makes it
> worse.

I was not talking about NATs, but things that block traffic on certain
ports, like normal firewalls, but you are completely right that this can be
used for NAT purposes as well.

But, I get your point. Doing a DHCP request, PPPoE authentication etc. when a
host "wakes up" and gets an IP address is one thing. Doing the same or
similar things when it for example starts its "SIP telephony listener" or
initiates some other flow is not good.

That is what I read in your message.

   paf
Received on Wednesday, 22 August 2001 12:29:21 UTC
