NAT etc. (was: Spam Control Considered Harmful)

Jay R. Ashworth jra at
Sun Nov 2 17:35:57 UTC 1997

On Sun, Nov 02, 1997 at 12:31:45PM -0500, Alan Hannan wrote:
> > Yup, it could, but as I noted to Paul, in the cases Sean is advocating,
> > the client and the NAT box may not be within the same span of
> > administration, either.  IE: no, you may _not_ trust the NAT op.
>   In today's internet, the DNS management, the routing
>   administration, and the ADM engineer are all outside of central
>   administration.
>   This is analagous to the case you bring up, and yet we work well.
>   Proxy aggregation of address space occurs, and yet the world goes
>   on.
>   That the NAT administration would be different from that of the
>   flow endpoints is orthagonal to the discussion.

No, I'm afraid I don't think that's true.  This is a question of
_trust_, and if I don't wish to allow the operator of a NAT box to
proxy my trust in a nameserver operator, there really isn't any good
way around that.

-- jra
Jay R. Ashworth                                                jra at
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "Pedantry.  It's not just a job, it's an
Tampa Bay, Florida          adventure."  -- someone on AFU      +1 813 790 7592

More information about the NANOG mailing list