NAT etc. (was: Spam Control Considered Harmful)
Jay R. Ashworth
jra at scfn.thpl.lib.fl.us
Sun Nov 2 17:35:57 UTC 1997
On Sun, Nov 02, 1997 at 12:31:45PM -0500, Alan Hannan wrote:
> > Yup, it could, but as I noted to Paul, in the cases Sean is advocating,
> > the client and the NAT box may not be within the same span of
> > administration, either. IE: no, you may _not_ trust the NAT op.
> In today's internet, the DNS management, the routing
> administration, and the ADM engineer are all outside of central
> This is analagous to the case you bring up, and yet we work well.
> Proxy aggregation of address space occurs, and yet the world goes
> That the NAT administration would be different from that of the
> flow endpoints is orthagonal to the discussion.
No, I'm afraid I don't think that's true. This is a question of
_trust_, and if I don't wish to allow the operator of a NAT box to
proxy my trust in a nameserver operator, there really isn't any good
way around that.
Jay R. Ashworth jra at baylink.com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "Pedantry. It's not just a job, it's an
Tampa Bay, Florida adventure." -- someone on AFU +1 813 790 7592
More information about the NANOG