- From: Patrik Fältström <paf@cisco.com>
- Date: Mon, 2 Dec 2002 17:29:49 +0100
- To: Brian E Carpenter <brian@hursley.ibm.com>
- Cc: discuss@apps.ietf.org
On Monday, Dec 2, 2002, at 15:03 Europe/Stockholm, Brian E Carpenter wrote:

> One of the problems here is that whatever we do in the addressing
> architecture, somebody can come along and sell a NAT-v6 box with
> the same misleading arguments that we hear for NAT-v4, apart from
> one (shortage of address space).
>
> So the real challenge is: how can we make it more attractive to
> *not* buy a NAT box than to buy one. I believe that should be the
> focus of applications people.

Brian, I completely agree with this, and that's why I would like to have something which talks about the following:

- Security is handled by a firewall, not the NAT function
- Security is always in the form of some policy which someone wants to apply to a path
- If the policy allows application FOO to pass the point where policy is applied, the application will only work as planned if there is _NO_ NAT at that point

I.e. talk about security <> NAT and that NAT is bad for things which the policy allows.

Do you think that can help?

paf
Received on Monday, 2 December 2002 11:30:51 UTC