[114796] in North American Network Operators' Group
Re: AH or ESP
daemon@ATHENA.MIT.EDU (Jack Kohn)
Tue May 26 19:36:47 2009
In-Reply-To: <4A1C570D.3060005@otd.com>
Date: Wed, 27 May 2009 05:05:47 +0530
From: Jack Kohn <kohn.jack@gmail.com>
To: Dave Israel <davei@otd.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> The delusion that network operators can successfully use unhelpful
> protocols and/or smoke and mirrors to force idealist network design on
> others needs to end. People use new protocols because they are better.
> If the benefit of moving to a new protocol does not outweigh the pain
> of moving to it, people don't use it. That's why the OSI protocols did
> not kill IP like they were supposed to in the 90s, it is why the largely
> forgotten mandated move from Windows to secure OSes (i.e., Unix) for all
> government employees never happened, and it is why IPv6 is sputtering.
> If people want to use NAT, they are going to use NAT. They may stop
> using it if the widespread adoption of peer-to-peer protocols means they
> are missing out on things other people are doing. They are not going to
> stop using NAT to use a protocol maliciously designed to break it; they
> will just wait, patiently and nearly always successfully, for somebody
> to come out with a version that has no such malice. They are certainly
> not going to stop using NAT because somebody tells them they should use
> a security protocol that does not secure anything worth securing.
>
> BitTorrent is a better anti-NAT tool than AH ever will be. More carrot,
> less stick.
>
I agree. Folks are going to use ESP-NULL if they really want Integrity Protection ..
> -Dave
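As an added illustration (not part of the thread), the concrete reason AH and NAT conflict while ESP-NULL coexists with it: AH's integrity check value covers the outer IP addresses, so a NAT rewriting the source address invalidates it, whereas ESP's ICV covers only the ESP header and payload. The headers, key and addresses below are constructed and simplified (no real checksum, no padding/trailer).

```python
import hmac
import hashlib
import ipaddress
import struct

# Constructed demo key; a real SA would get this from IKE.
KEY = b"constructed-demo-integrity-key"

def ipv4_header(src: str, dst: str, proto: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (constructed; length/checksum left zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def ah_icv(hdr: bytes, payload: bytes) -> bytes:
    """AH (RFC 4302): ICV covers the IP header with mutable fields zeroed
    (TOS, flags/frag, TTL, checksum) plus the payload. Addresses stay in."""
    m = bytearray(hdr)
    m[1] = 0                 # TOS / DSCP+ECN
    m[6:8] = b"\x00\x00"     # flags + fragment offset
    m[8] = 0                 # TTL
    m[10:12] = b"\x00\x00"   # header checksum
    return hmac.new(KEY, bytes(m) + payload, hashlib.sha256).digest()[:16]

def esp_null_icv(spi: int, seq: int, payload: bytes) -> bytes:
    """ESP with NULL cipher (RFC 4303): ICV covers SPI, sequence number and
    payload only; the outer IP header is never part of the check."""
    return hmac.new(KEY, struct.pack("!II", spi, seq) + payload,
                    hashlib.sha256).digest()[:16]

def nat_rewrite(hdr: bytes, new_src: str) -> bytes:
    """Simulate a source NAT: swap the source address and rewrite the checksum."""
    m = bytearray(hdr)
    m[12:16] = ipaddress.IPv4Address(new_src).packed
    m[10:12] = b"\x12\x34"   # stand-in for the recomputed checksum
    return bytes(m)

def survives_nat(use_ah: bool) -> bool:
    """Sender computes the ICV, NAT rewrites the source, receiver re-verifies.
    Returns True if the receiver would accept the packet."""
    payload, spi, seq = b"constructed inner packet", 0x1000, 1
    hdr = ipv4_header("10.0.0.5", "198.51.100.7", 51 if use_ah else 50)
    sent = ah_icv(hdr, payload) if use_ah else esp_null_icv(spi, seq, payload)
    after = nat_rewrite(hdr, "203.0.113.9")
    recv = ah_icv(after, payload) if use_ah else esp_null_icv(spi, seq, payload)
    return hmac.compare_digest(sent, recv)

if __name__ == "__main__":
    print("AH accepted after NAT:      ", survives_nat(True))   # False
    print("ESP-NULL accepted after NAT:", survives_nat(False))  # True
```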