nanog mailing list archives
Re: Only 5x IPv4 /8 remaining at IANA
From: Owen DeLong <owen () delong com>
Date: Mon, 18 Oct 2010 12:05:16 -0700
On Oct 18, 2010, at 12:26 PM, Johnny Eriksson wrote:
"Tony Hain" <alh-ietf () tndh net> wrote:Actually nat does something for security, it decimates it. Any 'real' security system (physical, technology, ...) includes some form of audit trail. NAT explicitly breaks any form of audit trail, unless you are the one operating the header mangling device. Given that there is no limit to the number of nat devices along a path, there can be no limit to the number of people operating them. This means there is no audit trail, and therefore NO SECURITY.So an audit trail implies security? I don't agree. It may make post-mortem analysis easier, thou.
An audit trail improves security because post-mortem analysis of breaches is an important tool in improving security.
Does end-to-end crypto break security? Which security? The security of the endpoints or the security of someone else who cannot now audit the communication in question fully?
No, end-to-end crypto does not, by itself, break security. Arguably, end-to-end crypto MAY bypass security in some environments, but, those environments do have controls available to disable end-to-end crypto. Owen
Current thread:
- Re: Only 5x IPv4 /8 remaining at IANA, (continued)
- Re: Only 5x IPv4 /8 remaining at IANA Jeroen Massar (Oct 21)
- Re: Only 5x IPv4 /8 remaining at IANA Patrick Giagnocavo (Oct 21)
- Re: Only 5x IPv4 /8 remaining at IANA Cameron Byrne (Oct 21)
- Re: Only 5x IPv4 /8 remaining at IANA Owen DeLong (Oct 21)
- Re: Only 5x IPv4 /8 remaining at IANA Franck Martin (Oct 18)
- Re: Only 5x IPv4 /8 remaining at IANA Joel Jaeggli (Oct 18)
- Re: Only 5x IPv4 /8 remaining at IANA Franck Martin (Oct 18)
- Re: Only 5x IPv4 /8 remaining at IANA Dorian Kim (Oct 18)
- Re: Only 5x IPv4 /8 remaining at IANA Owen DeLong (Oct 18)