nanog mailing list archives
Overloaded semantics (was Re: moving to IPv6)
From: rja () corp home net (Ran Atkinson)
Date: Mon, 3 Nov 1997 15:12:47 -0800
At the risk of stating the obvious, an observation about NAT and security... The problem is that IP addresses have overloaded semantics. Security needs an identifier. NAT and routing need locators. At present IP addresses serve both functions. We need to move to a world where locating a node is decoupled from identifying a node. In such a world, NAT could happen without causing IPsec to get broken by the NAT function. The overloaded semantics are broken. Noel has probably been the most outspoken in making this observation, but others have also noted the issue. Ran rja () Home net
Current thread:
- Re: moving to IPv6, (continued)
- Message not available
- Re: moving to IPv6 Jay R. Ashworth (Nov 03)
- Message not available
- Re: moving to IPv6 Jay R. Ashworth (Nov 03)
- Re: moving to IPv6 Sean M. Doran (Nov 03)
- Re: moving to IPv6 Vadim Antonov (Nov 02)
- Re: moving to IPv6 Thomas Narten (Nov 03)
- Re: moving to IPv6 John Curran (Nov 03)
- Re: moving to IPv6 Thomas Narten (Nov 03)
- Re: moving to IPv6 Jeremy Porter (Nov 03)
- Message not available
- IPsec processing & NAT (was Re: moving to IPv6) Ran Atkinson (Nov 03)
- Re: moving to IPv6 Gary E. Miller (Nov 05)
- Message not available
- Overloaded semantics (was Re: moving to IPv6) Ran Atkinson (Nov 03)
- Re: Overloaded semantics (was Re: moving to IPv6) Thomas Narten (Nov 05)
- Re: moving to IPv6 Dirk Harms-Merbitz (Nov 03)
- Re: moving to IPv6 Pedro Marques (Nov 03)
- Re: moving to IPv6 Karl Denninger (Nov 03)
- Re: moving to IPv6 Phillip Vandry (Nov 05)
- Re: moving to IPv6 Sean M. Doran (Nov 07)
- Re: moving to IPv6 Karl Denninger (Nov 07)
- Re: moving to IPv6 John A. Tamplin (Nov 07)
- Re: moving to IPv6 Karl Denninger (Nov 07)
- Re: moving to IPv6 Gary E. Miller (Nov 07)