[130952] in North American Network Operators' Group
RE: Only 5x IPv4 /8 remaining at IANA
daemon@ATHENA.MIT.EDU (Johnny Eriksson)
Mon Oct 18 14:32:53 2010
Date: Mon, 18 Oct 2010 20:26:20 WET DST
From: Johnny Eriksson <bygg@cafax.se>
To: nanog@nanog.org
In-Reply-To: Your message of Mon, 18 Oct 2010 09:47:29 -0700
"Tony Hain" <alh-ietf@tndh.net> wrote:
> Actually nat does something for security, it decimates it. Any 'real'
> security system (physical, technology, ...) includes some form of audit
> trail. NAT explicitly breaks any form of audit trail, unless you are the one
> operating the header mangling device. Given that there is no limit to the
> number of nat devices along a path, there can be no limit to the number of
> people operating them. This means there is no audit trail, and therefore NO
> SECURITY.
So an audit trail implies security? I don't agree. It may make post-mortem
analysis easier, though.
Does end-to-end crypto break security? Which security? The security of
the endpoints or the security of someone else who cannot now audit the
communication in question fully?
> Tony
--Johnny