nanog mailing list archives
RE: Only 5x IPv4 /8 remaining at IANA
From: Johnny Eriksson <bygg () cafax se>
Date: Mon, 18 Oct 2010 20:26:20 WET DST
"Tony Hain" <alh-ietf () tndh net> wrote:
> Actually NAT does something for security, it decimates it. Any 'real' security system (physical, technology, ...) includes some form of audit trail. NAT explicitly breaks any form of audit trail, unless you are the one operating the header mangling device. Given that there is no limit to the number of NAT devices along a path, there can be no limit to the number of people operating them. This means there is no audit trail, and therefore NO SECURITY.
So an audit trail implies security? I don't agree. It may make post-mortem analysis easier, though. Does end-to-end crypto break security? Which security? The security of the endpoints or the security of someone else who cannot now audit the communication in question fully?
> Tony
--Johnny