nanog mailing list archives

RE: Only 5x IPv4 /8 remaining at IANA


From: Johnny Eriksson <bygg () cafax se>
Date: Mon, 18 Oct 2010 20:26:20 WET DST

"Tony Hain" <alh-ietf () tndh net> wrote:

> Actually nat does something for security, it decimates it. Any 'real'
> security system (physical, technology, ...) includes some form of audit
> trail. NAT explicitly breaks any form of audit trail, unless you are the one
> operating the header mangling device. Given that there is no limit to the
> number of nat devices along a path, there can be no limit to the number of
> people operating them. This means there is no audit trail, and therefore NO
> SECURITY.

So an audit trail implies security?  I don't agree.  It may make post-mortem
analysis easier, though.

Does end-to-end crypto break security?  Which security?  The security of
the endpoints or the security of someone else who cannot now audit the
communication in question fully?

> Tony

--Johnny

