All- This is the first real meeting of the new Q5 NAT/Firewall Traversal question, and I'd like to solicit contributions to get the work started (but see also D-408 from the Geneva meeting). It seems especially appropriate to begin with discussions of requirements and architectures, and some examination of the existing body of work. Requirements might cover:
- authentication of sources and sinks of traffic - authorization of sources/destinations to send/receive traffic. - network/realm topologies to be supported. - architectural principles - trust models - application scenarios - how to insure end-to=end privacy and integrity of application data, while permitting firewalls to authenticate the flows. - what we can require/use from existing firewalls (especially from the ubiquitous home firewalls.) - how to extend existing telephony protocols to free the firewall from knowledge of extraneous details of the protocols.
I'm sure there are areas I've left out (like requirements for of any firewall control/request protocols.) At this stage, the field is wide open, so we need not limit ourselves to the above list.
Another aspect of this work, I believe, is the need to involve the builders of firewalls. I don't believe we can be successful unless we can create a win/win situation for both the server and endpoint vendors and the firewall vendors. If any of you have contacts in the firewall market, please extend a personal invitation for them to join us.
I'm looking forward to seeing you in Beijing. Thanks. -Bob ---------------------------------------------------- Bob Gilman rrg@avaya.com +1 303 538 3868