NAT and Firewall Traversal Issues of Host Identity Protocol (HIP) Communication
RFC 5207

Note: This ballot was opened for revision 04 and is now closed.

(Mark Townsley) Yes

(Jari Arkko) No Objection

(Ross Callon) No Objection

(Brian Carpenter) No Objection

(Ted Hardie) No Objection

(Russ Housley) No Objection

Comment (2006-11-29 for -)
  From the SecDir Review by Eric Rescorla:

  This document discusses the challenges of running HIP when one or both
  of the parties is behind a NAT or Firewall.

  S 1.
  I'm not sure the NAT/ALG distinction you're promulgating here is that
  useful. Most things that people buy that are labelled "NAT" actually
  have some kind of ALG in them to modify things like DNS and FTP.
  So, the issue isn't ALG or not but rather how much ALG they have.

  S 2.1.1.
  I'm not sure I would structure this section this way. As you
  say, pure "basic NATs" are rare, so less text about them and
  more about the things that really occur would help.

  Given that you mention the topic of receivers behind a 
  NAT, I think some mention of ICE would be appropriate.

  S 2.2.
  Is the idea here that this section only talks about HIP-specific
  stuff and that one should see 3715 for the ESP in general
  stuff? If not, this section needs to be a lot more complete.
  I haven't studied 3715 so can't say how complete that is.

(Cullen Jennings) No Objection

(David Kessens) (was Discuss, Abstain) No Objection

Comment (2006-11-29)
This document does no harm whatsoever but I honestly wonder whether it
is useful for anything.

I have a hard time finding any actual content in this document:

The document says in section '2.2.  Phase 2: ESP Data Exchange':

 This section focuses on the first category, i.e., NAT-intrinsic
 issues.  The two other problem categories are out of this document's
 scope.  They are addressed in the BEHAVE working group or in
 [RFC3489].

Two categories are out of scope, while the first category is NAT-intrinsic, 
that is, there is nothing unique about the fact that we are dealing here
with HIP as opposed to IPsec or whatever else passing through a NAT.

Sections 4 & 5 are other nice examples of stating the obvious.

Since this document comes out of the IRTF, I wonder what the connection is with any 'research' done in the IRTF, as there is nothing new or research-worthy in this document.

(Dan Romascanu) No Objection

Magnus Westerlund No Objection

Comment (2006-11-29 for -)
Maybe not the best written document out there. My primary concern is that it may in fact require some knowledge about the NAT/FW traversal issues to understand correctly. The proposed solutions are also sometimes a bit too vaguely described.

(Lars Eggert) Recuse