nanog mailing list archives
Re: NAT etc. (was: Spam Control Considered Harmful)
From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Sun, 2 Nov 1997 12:01:43 -0500
On Sat, Nov 01, 1997 at 07:44:55PM -0600, Tim Salo wrote:
Date: Sat, 1 Nov 1997 17:37:57 -0500 From: "Jay R. Ashworth" <jra () scfn thpl lib fl us> To: "You're welcome" <nanog () merit edu> Subject: Re: NAT etc. (was: Spam Control Considered Harmful) [...] Well, yes, Paul, but unless I misunderstood you, that's exactly the point. If a client inside a NAT cloud does a DNS lookup to a supposedly authoritative server outside, and the NAT box is _required_ to strip off the signature (which it would, because it has to change the data), then it's not possibile, by definition, for any client inside such a NAT box to make any use of SecDNS. The point is that you _can't_ regenerate the signature, usefully to the client, anyway, precisely because _it is a signature_.Presumably, the NAT could, o Verify the signature of the DNS responses it receives, and dump any responses that don't meet its [authentication] criteria, or o Sign the the response it creates and let the client verify the NAT's signature. Presumably, the client will trust the NAT.
Yup, it could, but as I noted to Paul, in the cases Sean is advocating, the client and the NAT box may not be within the same span of administration, either. IE: no, you may _not_ trust the NAT op. Cheers, -- jra -- Jay R. Ashworth jra () baylink com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Pedantry. It's not just a job, it's an Tampa Bay, Florida adventure." -- someone on AFU +1 813 790 7592
Current thread:
- Re: NAT etc. (was: Spam Control Considered Harmful) Tim Salo (Nov 01)
- Communities Bradley Reynolds (Nov 01)
- Re: Communities Kirby Files (Nov 01)
- Re: Communities Bradley Reynolds (Nov 02)
- Re: Communities Sean M. Doran (Nov 03)
- Message not available
- Re: Communities James A. Farrar (Nov 02)
- Re: Communities Bradley Dunn (Nov 05)
- Re: Communities Kirby Files (Nov 01)
- Communities Bradley Reynolds (Nov 01)
- Re: NAT etc. (was: Spam Control Considered Harmful) Jay R. Ashworth (Nov 02)
- Re: NAT etc. (was: Spam Control Considered Harmful) Alan Hannan (Nov 02)
- Message not available
- Re: NAT etc. (was: Spam Control Considered Harmful) Jay R. Ashworth (Nov 02)
- Re: NAT etc. (was: Spam Control Considered Harmful) Sean M. Doran (Nov 03)
- Message not available
- Re: NAT etc. (was: Spam Control Considered Harmful) Jay R. Ashworth (Nov 03)
- Re: NAT etc. (was: Spam Control Considered Harmful) Yakov Rekhter (Nov 03)
- Message not available
- Re: NAT etc. (was: Spam Control Considered Harmful) Jay R. Ashworth (Nov 03)
- Re: NAT etc. (was: Spam Control Considered Harmful) Eric M. Carroll (Nov 03)