NAT and Firewall Traversal Issues of Host Identity Protocol (HIP) Communication
RFC 5207
Yes
No Objection
Recuse
Note: This ballot was opened for revision 04 and is now closed.
Lars Eggert Recuse
(Mark Townsley; former steering group member) Yes
(Brian Carpenter; former steering group member) No Objection
(Cullen Jennings; former steering group member) No Objection
(Dan Romascanu; former steering group member) No Objection
(David Kessens; former steering group member) (was Discuss, Abstain) No Objection
This document does no harm whatsoever but I honestly wonder whether it is useful for anything. I have a hard time finding any actual content in this document:

The document says in section '2.2. Phase 2: ESP Data Exchange':

"This section focuses on the first category, i.e., NAT-intrinsic issues. The two other problem categories are out of this document's scope. They are addressed in the BEHAVE working group or in [RFC3489]."

Two categories are out of scope, while the first category is NAT-intrinsic, that is, there is nothing unique about the fact that we are dealing here with HIP as opposed to IPsec or whatever else passing through a NAT.

Sections 4 & 5 are other nice examples of stating the obvious.

Since this document comes out of the IRTF, I wonder what the connection is with any 'research' done in the IRTF as there is nothing new or research-worthy in this document.
(Jari Arkko; former steering group member) No Objection
(Magnus Westerlund; former steering group member) No Objection
Maybe not the best written document out there. My primary concern is that it may in fact require some knowledge about the NAT/FW traversal issues to understand correctly. The proposed solutions are also sometimes a bit too vaguely described.
(Ross Callon; former steering group member) No Objection
(Russ Housley; former steering group member) No Objection
From the SecDir Review by Eric Rescorla:

This document discusses the challenges of running HIP when one or both of the parties is behind a NAT or Firewall.

S 1. I'm not sure the NAT/ALG distinction you're promulgating here is that useful. Most things that people buy that are labelled "NAT" actually have some kind of ALG in them to modify things like DNS and FTP. So, the issue isn't ALG or not but rather how much ALG they have.

S 2.1.1. I'm not sure I would structure this section this way. As you say, pure "basic NATs" are rare, so less text about them and more about the things that really occur would help. Given that you mention the topic of receivers behind a NAT, I think some mention of ICE would be appropriate.

S 2.2. Is the idea here that this section only talks about HIP-specific stuff and that one should see 3715 for the ESP in general stuff? If not, this section needs to be a lot more complete. I haven't studied 3715 so can't say how complete that is.
(Ted Hardie; former steering group member) No Objection