[41462] in North American Network Operators' Group
Re[2]: Where NAT disenfranchises the end-user ...
daemon@ATHENA.MIT.EDU (RJ Atkinson)
Mon Sep 10 14:13:05 2001
Message-Id: <5.1.0.14.2.20010910140500.00a12e90@10.30.15.2>
Date: Mon, 10 Sep 2001 14:06:14 -0400
To: Richard Welty <rwelty@averillpark.net>
From: RJ Atkinson <rja@inet.org>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <E15gV87-00051M-00@krusty-motorsports.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu
At 13:47 10/09/01, Richard Welty wrote:
>in the case of IPSec, the IP addresses need to be preserved end-to-end
>as part of the whole security scheme.
True, but ONLY because the Internet Architecture lacks an alternative
namespace that could identify the box associated with a given network
interface. (The IP address is used in this context to identify the network
interface associated with the Security Association). So that's all true
today, but is driven by a shortcoming in the Internet Architecture.
Ran
rja@Inet.org
