RE: Only 5x IPv4 /8 remaining at IANA

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

RE: Only 5x IPv4 /8 remaining at IANA

From: Johnny Eriksson
Date: Mon Oct 18 14:32:53 2010

List-archive: <http://mailman.nanog.org/pipermail/nanog>
List-help: <mailto:nanog-request@nanog.org?subject=help>
List-id: North American Network Operators Group <nanog.nanog.org>
List-post: <mailto:nanog@nanog.org>
List-subscribe: <https://mailman.nanog.org/mailman/listinfo/nanog>,<mailto:nanog-request@nanog.org?subject=subscribe>
List-unsubscribe: <https://mailman.nanog.org/mailman/listinfo/nanog>,<mailto:nanog-request@nanog.org?subject=unsubscribe>

"Tony Hain" <alh-ietf@tndh.net> wrote:

> Actually nat does something for security, it decimates it. Any 'real'
> security system (physical, technology, ...) includes some form of audit
> trail. NAT explicitly breaks any form of audit trail, unless you are the one
> operating the header mangling device. Given that there is no limit to the
> number of nat devices along a path, there can be no limit to the number of
> people operating them. This means there is no audit trail, and therefore NO
> SECURITY. 

So an audit trail implies security?  I don't agree.  It may make post-mortem
analysis easier, thou.

Does end-to-end crypto break security?  Which security?  The security of
the endpoints or the security of someone else who cannot now audit the
communication in question fully?

> Tony

--Johnny

Follow-Ups:
- Re: Only 5x IPv4 /8 remaining at IANA Owen DeLong

Prev by Date: Re: Pica8 - Open Source Cloud Switch
Next by Date: Re: Only 5x IPv4 /8 remaining at IANA
Date Index
Thread Index
Author Index
Historical