[security-area] Agenda Firewall Issues BOF - GGF13

Olle Mulmo mulmo at pdc.kth.se
Thu Mar 10 02:32:41 CST 2005 

Without implying that we should freeze or postpone any current 
discussions on this topic, NATs are definitely a discussion item at the 
BOF as well, I would say.

I would say that in these discussions, NATs are equally important as 
firewalls, as they both are devices that are "in the way", meddling 
with the network traffic in ways that cause problems for middleware and 
application developers. Identifying (and seeking to rectify?) the 
problems that appear in Grid settings is what this BOF is about.

Side remark: one can claim that NATs are (stupid) firewalls. That can 
be debated endlessly though, and I'm certain the people that build 
"real" firewalls disagree!

/Olle

On Mar 8, 2005, at 20:10, Leon Gommans wrote:

>  Mike,
>
>  Thanks for raising the question. The answer will depend on
>  the charter discussion. Anybody is welcome to comment.
>
>  This is my personal view:
>
>  If you look for example the IETF Middlebox work, NATs
>  were part of the charter.
>
>  An answer may also depend on the outcome of the question
>  if this should be a Research Group or a Working Group.
>  A WG charter needs to be very focussed and
>  our Area Directors may prefer a limited the scope with
>  clearly defined deliverables. The scope may therefore be limited
>  to Firewalls. There is also a BoF that wants to look at VPN's.
>  A RG could pursue a wider range of middlebox services
>  such as mentioned in RFC 3303.
>   
>  Kind regards .. Leon Gommans.
>
>   
>
>  Mike 'Mike' Jones wrote:
>
> Would it be useful to discuss NAT at the same time as firewalls?
>
> I think NAT raises some issues that are similar to firewalls.  I'm 
> coming
> from an AFS in globus2 based grids perspective and have also seen 
> clashes
> between globus-IO and NAT.
>
> I'm afraid I'm not able to goto Korea to stick my hand up and ask the
> question there, sorry!
>
> Cheers,
> Mike
>
> On Tue, 8 Mar 2005, Mike Helm wrote:
>
>
> LG, can you put me on the agenda?  I'd like to mention
> 3 things (provided the material all shows up :^) that
> might be of interest: some MPLS work at ESnet, a PNNL localhost-based
> firewall solution that should be grid friendly, and
> an interesting use-case from Fusion Grid (some have seen
> this, at last GGF).
>
> Thanks, ==mwh
> Michael Helm
> ESnet/LBNL
>
>
>

More information about the security-area mailing list