Fwd:Re: Meeting of Q.1 in Beijing
okubo at MXZ.MESH.NE.JP
Tue Apr 6 00:10:41 EDT 2004
This is the first real meeting of the new Q5 NAT/Firewall Traversal
question, and I'd like to solicit contributions to get the work
started (but see also D-408 from the Geneva meeting). It seems
especially appropriate to begin with discussions of requirements
and architectures, and some examination of the existing body of work.
Requirements might cover:
- authentication of sources and sinks of traffic
- authorization of sources/destinations to send/receive traffic.
- network/realm topologies to be supported.
- architectural principles
- trust models
- application scenarios
- how to insure end-to=end privacy and integrity of application data,
while permitting firewalls to authenticate the flows.
- what we can require/use from existing firewalls (especially from
the ubiquitous home firewalls.)
- how to extend existing telephony protocols to free the firewall
from knowledge of extraneous details of the protocols.
I'm sure there are areas I've left out (like requirements for of any
firewall control/request protocols.) At this stage, the field is
wide open, so we need not limit ourselves to the above list.
Another aspect of this work, I believe, is the need to involve the
builders of firewalls. I don't believe we can be successful unless
we can create a win/win situation for both the server and endpoint
vendors and the firewall vendors. If any of you have contacts in
the firewall market, please extend a personal invitation for them
to join us.
I'm looking forward to seeing you in Beijing.
Bob Gilman rrg at avaya.com +1 303 538 3868
More information about the sg16-avd