[13362] in North American Network Operators' Group

Overloaded semantics (was Re: moving to IPv6)

daemon@ATHENA.MIT.EDU (Ran Atkinson)
Mon Nov 3 18:21:38 1997

From: rja@corp.home.net (Ran Atkinson)
Date: Mon, 3 Nov 1997 15:12:47 -0800
In-Reply-To: John Curran <jcurran@bbnplanet.com>
        "Re: moving to IPv6" (Nov  3, 13:49)
To: nanog@merit.edu


At the risk of stating the obvious, an observation about
NAT and security...

The problem is that IP addresses have overloaded semantics.
Security needs an identifier.  NAT and routing need locators.
At present IP addresses serve both functions.  We need to
move to a world where locating a node is decoupled from
identifying a node.  In such a world, NAT could happen without
causing IPsec to get broken by the NAT function.

The overloaded semantics are broken.  Noel has probably been
the most outspoken in making this observation, but others
have also noted the issue.

Ran
rja@Home.net
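
The point made in the message above, as an added example that is not part of the original post: a simplified model (not the IPsec wire format) in which an integrity check that covers the address fields fails once NAT rewrites the source locator, while the same check computed over a separate node identifier survives. The `src_id`/`dst_id` fields, the function names, the key and the addresses are all hypothetical and constructed for illustration.

```python
import hmac, hashlib
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

@dataclass(frozen=True)
class Packet:
    src_loc: str   # locator: where the node is reached (what NAT rewrites)
    dst_loc: str
    src_id: str    # hypothetical stable node identifier, untouched by NAT
    dst_id: str
    payload: bytes
    icv: bytes = b""   # integrity check value added by the sender

def _mac(fields):
    # Length-prefix each field so the concatenation is unambiguous.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def icv_over_locators(p):
    # Overloaded semantics: the address is also the authenticated identity.
    return _mac([p.src_loc.encode(), p.dst_loc.encode(), p.payload])

def icv_over_identifiers(p):
    # Decoupled semantics: identity is authenticated, location is not.
    return _mac([p.src_id.encode(), p.dst_id.encode(), p.payload])

def protect(p, icv_fn):
    return replace(p, icv=icv_fn(p))

def verify(p, icv_fn):
    return hmac.compare_digest(p.icv, icv_fn(p))

def nat(p, public_loc):
    # NAT holds no key: it can rewrite the locator but cannot recompute the ICV.
    return replace(p, src_loc=public_loc)

def demo():
    # Constructed packet using private and documentation address ranges.
    base = Packet("10.0.0.5", "192.0.2.80", "node-a", "node-b", b"hello")
    results = {}
    for name, fn in (("locators", icv_over_locators),
                     ("identifiers", icv_over_identifiers)):
        sent = protect(base, fn)
        # (verifies before NAT, verifies after NAT)
        results[name] = (verify(sent, fn), verify(nat(sent, "198.51.100.7"), fn))
    return results

if __name__ == "__main__":
    print(demo())
```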
