Re: NAT etc. (was: Spam Control Considered Harmful)

[Alan Hannan <hannan () bythetrees com>]

> Does anyone wish to correct me?  I'm a pretty decent thinker, but it's
> possible I may misunderstand some specifics, I'm _not_ a DNSSEC or NAT
> mechanic.

  I am not intimate with the internals of DNSSEC to comment on the
  interoperability with NATs at this time.

  As such, I wouldn't question your assertion.  I do, however,
  question this premise as being directly relevant to the
  advancement of NAT use in the internet infrastructure.

  It is likely that the scaling properties of the internet
  will demand a change in the lower level protocols.

  When this happens, the higher layer protocols (like DNSSEC) will
  have to be reworked.

  So DNSSEC gets broken.  Fix DNSSEC after we fix the
  infrastructure.

  With NAT you can subdivide the network to many orders of growth.
  The sum work saved by doing this vastly outweighs the work
  required to adapt DNSSEC.  

  For example, the root name system could interoperate with the NAT
  machines in a controlled manner.  No, it's not a trivial task.
  However, isn't it easier than renumbering the entire address space
  and putting more space into the problem?

  -a