[13359] in North American Network Operators' Group


Re: moving to IPv6

daemon@ATHENA.MIT.EDU (Thomas Narten)
Mon Nov 3 16:10:41 1997

To: John Curran <jcurran@bbnplanet.com>
Cc: "Sean M. Doran" <smd@clock.org>, nanog@merit.edu
In-Reply-To: Your message of "Mon, 03 Nov 1997 13:49:40 EST."
             <3.0.3.32.19971103134940.00a9aa64@mail.bbnplanet.com> 
Date: Mon, 03 Nov 1997 14:19:45 -0500
From: Thomas Narten <narten@raleigh.ibm.com>

> I agree 100% when it comes to payload, but network addresses serve
> the network as much as the packet.  To the extent that we start
> deploying networks with more functionality (such as mail relaying
> and web caching), then the same logic applies to DNS names.

One big problem we have today is that transport addresses have
embedded within them network addresses. To cryptographically protect
transport-level connections in practice means that network-level
addresses (i.e., those in the IP header) cannot be safely modified.

Sure, we can say "that is broken and must be changed", but doing so
will not be painless or free and begs the question as to whether the
total cost of doing this exceeds the benefits NAT brings. It is
questions like this that make me question whether we fully understand
how scalable/viable NAT really is for the long term.

Thomas
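
Added example, not part of the original message: a simplified model of the point above, showing that a middlebox can rewrite the source address and repair the unkeyed TCP checksum, while a keyed integrity check computed over the same pseudo-header no longer verifies. Assumptions: HMAC-SHA256 stands in for whatever keyed check protects the connection, the checksum and tag are carried beside the segment instead of inside it, and all addresses, keys and payload bytes are constructed.

```python
import hashlib
import hmac
import socket
import struct

def pseudo_header(src: str, dst: str, seg_len: int) -> bytes:
    # RFC 793 pseudo-header: source addr, destination addr, zero, protocol 6 (TCP), TCP length
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, seg_len)

def inet_checksum(data: bytes) -> int:
    # Internet checksum: one's-complement of the one's-complement sum of 16-bit words
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    return inet_checksum(pseudo_header(src, dst, len(segment)) + segment)

def keyed_tag(key: bytes, src: str, dst: str, segment: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as the keyed check, covering the same address-bearing fields
    return hmac.new(key, pseudo_header(src, dst, len(segment)) + segment, hashlib.sha256).digest()

def nat_rewrite(packet: dict, new_src: str) -> dict:
    # The translator holds no key: it can recompute the checksum but must forward the tag as-is
    out = dict(packet, src=new_src)
    out["checksum"] = tcp_checksum(new_src, packet["dst"], packet["segment"])
    return out

def receiver_verify(packet: dict, key: bytes) -> tuple:
    src, dst, seg = packet["src"], packet["dst"], packet["segment"]
    checksum_ok = tcp_checksum(src, dst, seg) == packet["checksum"]
    tag_ok = hmac.compare_digest(keyed_tag(key, src, dst, seg), packet["tag"])
    return checksum_ok, tag_ok

def demo() -> tuple:
    key = b"constructed-shared-key"             # constructed sample key
    segment = b"constructed TCP segment bytes"  # constructed sample payload
    src, dst = "10.0.0.5", "192.0.2.10"         # constructed sample addresses
    packet = {"src": src, "dst": dst, "segment": segment,
              "checksum": tcp_checksum(src, dst, segment),
              "tag": keyed_tag(key, src, dst, segment)}
    translated = nat_rewrite(packet, "198.51.100.7")
    return receiver_verify(packet, key), receiver_verify(translated, key)

if __name__ == "__main__":
    print(demo())
```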
