NAT etc. (was: Spam Control Considered Harmful)
Jay R. Ashworth
jra at scfn.thpl.lib.fl.us
Sun Nov 2 17:35:57 UTC 1997
On Sun, Nov 02, 1997 at 12:31:45PM -0500, Alan Hannan wrote:
> > Yup, it could, but as I noted to Paul, in the cases Sean is advocating,
> > the client and the NAT box may not be within the same span of
> > administration, either. IE: no, you may _not_ trust the NAT op.
>
> In today's internet, the DNS management, the routing
> administration, and the ADM engineer are all outside of central
> administration.
>
> This is analagous to the case you bring up, and yet we work well.
>
> Proxy aggregation of address space occurs, and yet the world goes
> on.
>
> That the NAT administration would be different from that of the
> flow endpoints is orthagonal to the discussion.
No, I'm afraid I don't think that's true. This is a question of
_trust_, and if I don't wish to allow the operator of a NAT box to
proxy my trust in a nameserver operator, there really isn't any good
way around that.
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "Pedantry. It's not just a job, it's an
Tampa Bay, Florida adventure." -- someone on AFU +1 813 790 7592
More information about the NANOG
mailing list