Only 5x IPv4 /8 remaining at IANA
Johnny Eriksson
bygg at cafax.se
Mon Oct 18 20:26:20 UTC 2010
"Tony Hain" <alh-ietf at tndh.net> wrote:
> Actually NAT does something for security, it decimates it. Any 'real'
> security system (physical, technology, ...) includes some form of audit
> trail. NAT explicitly breaks any form of audit trail, unless you are the one
> operating the header mangling device. Given that there is no limit to the
> number of NAT devices along a path, there can be no limit to the number of
> people operating them. This means there is no audit trail, and therefore NO
> SECURITY.
So an audit trail implies security? I don't agree. It may make post-mortem
analysis easier, though.
Does end-to-end crypto break security? Which security? The security of
the endpoints or the security of someone else who cannot now audit the
communication in question fully?
> Tony
--Johnny