W3C home > Mailing lists > Public > ietf-discuss@w3.org > December 2002

Re: Application protocols and Address Translation

From: Patrik Fältström <paf@cisco.com>
Date: Mon, 2 Dec 2002 17:29:49 +0100
Cc: discuss@apps.ietf.org
To: Brian E Carpenter <brian@hursley.ibm.com>
Message-Id: <47353E98-0613-11D7-A024-0003934B2128@cisco.com>

On måndag, dec 2, 2002, at 15:03 Europe/Stockholm, Brian E Carpenter 
wrote:

> One of the problems here is that whatever we do in the addressing
> architecture, somebody can come along and sell a NAT-v6 box with
> the same misleading arguments that we hear for NAT-v4, apart from
> one (shortage of address space).
>
> So the real challenge is: how can we make it more attractive to
> *not* buy a NAT box than to buy one. I believe that should be the
> focus of applications people.

Brian, I completely agree with this, and that's why I would like to 
have something which talk about the following:

- Security is handled by a firewall, not the NAT function
- Security is always in the form of some policy which someone want to 
apply to a path
- If the policy allow application FOO to pass the point where policy is 
applied, the application will only work as planned if there is _NO_ nat 
at that point

I.e. talk about security <> NAT and that NAT is bad for things which 
the policy allow.

Do you think that can help?

     paf
Received on Monday, 2 December 2002 11:30:51 EST

This archive was generated by hypermail pre-2.1.9 : Tuesday, 24 February 2004 19:46:24 EST