Only 5x IPv4 /8 remaining at IANA

Owen DeLong owen at delong.com
Mon Oct 18 19:05:16 UTC 2010


On Oct 18, 2010, at 12:26 PM, Johnny Eriksson wrote:

> "Tony Hain" <alh-ietf at tndh.net> wrote:
> 
>> Actually nat does something for security, it decimates it. Any 'real'
>> security system (physical, technology, ...) includes some form of audit
>> trail. NAT explicitly breaks any form of audit trail, unless you are the one
>> operating the header mangling device. Given that there is no limit to the
>> number of nat devices along a path, there can be no limit to the number of
>> people operating them. This means there is no audit trail, and therefore NO
>> SECURITY. 
> 
> So an audit trail implies security?  I don't agree.  It may make post-mortem
> analysis easier, though.
> 
An audit trail improves security because post-mortem analysis of breaches
is an important tool in improving security.

> Does end-to-end crypto break security?  Which security?  The security of
> the endpoints or the security of someone else who cannot now audit the
> communication in question fully?
> 
No, end-to-end crypto does not, by itself, break security. Arguably, end-to-end
crypto MAY bypass security in some environments, but, those environments
do have controls available to disable end-to-end crypto.

Owen