shared address space... a reality!

Owen DeLong owen at delong.com
Fri Mar 16 21:17:38 UTC 2012


It may be easy to sell, but it's also fictitious.

NAT is antithetical to security, not beneficial to it.

Owen

On Mar 16, 2012, at 1:21 PM, cdel.firsthand.net wrote:

> NAT at the edge is one thing, as it gives an easy-to-sell security proposition for the board. But CGN controlled by whoever is sitting between their NATs does the opposite.
> 
> 
> 
> Christian de Larrinaga
> 
> 
> On 16 Mar 2012, at 19:35, William Herrin <bill at herrin.us> wrote:
> 
>> On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez
>> <alvarezp at alvarezp.ods.org> wrote:
>>> On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
>>> <christopher.morrow at gmail.com> wrote:
>>>> NetRange:       100.64.0.0 - 100.127.255.255
>>>> CIDR:           100.64.0.0/10
>>>> OriginAS:
>>>> NetName:        SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
>>> 
>>> Weren't we supposed to *solve* the end-to-end connectivity problem,
>>> instead of just letting it live?
>> 
>> "We" forgot to ask if all the stakeholders wanted it solved. Most
>> self-styled "enterprise" operators don't: they want a major control
>> point at the network border. Deliberately breaking end to end makes
>> that control more certain. Which is why they deployed IPv4 NAT boxen
>> long before address scarcity became an impactful issue.
>> 
>> Regards,
>> Bill Herrin
>> 
>> 
>> -- 
>> William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
>> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>> Falls Church, VA 22042-3004
>> 




