nanog mailing list archives
Re: moving to IPv6
From: John Curran <jcurran () bbnplanet com>
Date: Mon, 03 Nov 1997 13:49:40 -0500
At 01:23 PM 11/3/97 -0500, Thomas Narten wrote:
Fundamentally, security likes the idea that it trusts no one other than the originator of data and the ultimate destination of data. That means no one in between should be able to examine the data, much less modify any of it. That includes NATs rewriting addresses. IPSec (and DNSSEC) do not allow addresses to be rewritten in packets. Full Stop.
Not to be contentious, but there are valid reasons why "addresses" should be very visible to the network and potentially subject to modification. Just offhand, the ability to prevent malicious attacks and hunt down fraud are valid reasons on their own for visibility for network operations. I agree 100% when it comes to payload, but network addresses serve the network as much as the packet. To the extent that we start deploying networks with more functionality (such as mail relaying and web caching), then the same logic applies to DNS names.
/John
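Added example, not part of the original message: a simplified Python model of the AH-style integrity check the quoted paragraph refers to, showing that a router's TTL decrement still verifies while a NAT source rewrite does not. The key, addresses, payload and function names are constructed for the illustration, and the real AH computation also covers the AH header itself, which is omitted here.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"        # constructed shared key (assumption)
PAYLOAD = b"constructed payload"     # constructed upper-layer data

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header; proto 51 is AH. Checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_style_icv(header, payload, key=KEY):
    """Integrity value over the header with mutable fields zeroed, plus payload.

    Zeroed because routers legitimately change them: TOS, flags/fragment
    offset, TTL, header checksum. Source and destination stay covered.
    """
    h = bytearray(header)
    h[1] = 0                 # TOS
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    # 96-bit truncated HMAC, chosen for the illustration
    return hmac.new(key, bytes(h) + payload, hashlib.sha256).digest()[:12]

def router_hop(header):
    """Ordinary forwarding: only the TTL changes."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def nat_rewrite(header, new_src):
    """NAT: the source address (bytes 12-15) is replaced."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

def verify(header, payload, icv, key=KEY):
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(ah_style_icv(header, payload, key), icv)

if __name__ == "__main__":
    hdr = ipv4_header("10.0.0.5", "192.0.2.10", 64, len(PAYLOAD))
    icv = ah_style_icv(hdr, PAYLOAD)
    print("after router hop:", verify(router_hop(hdr), PAYLOAD, icv))
    print("after NAT rewrite:", verify(nat_rewrite(hdr, "198.51.100.7"), PAYLOAD, icv))
```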