ietf
[Top] [All Lists]

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 18:56:19
Keith,

Michel Py wrote:
IMHO, here is the deal: IPv4 NAT does suck, but there is
nothing we can do to remove it; so the only worthy
efforts are 1) maybe try to make it less worse (I will
not go as far as  saying better) and 2) let's not make
the same mistake with IPv6.

Keith Moore wrote:
that's it in a nutshell.

I'm glad we could find something to agree on.


I believe the primary purpose of firewalls should be to
protect the network, not the hosts, from abusive or
unauthorized usage.

I do not agree with this. The primary purpose of firewalls is to protect
BOTH the network and the hosts.


the firewall without the NAT would be even more useful.

No argument here, but the way it is going to happen is not by bashing at
NAT but by developing the missing piece, namely a scalable solution for
portable identifiers.


an intermediary MUST NOT alter the source or destination
field in an IP header.

There is nothing wrong with this if another intermediary puts it back
the way it was originally, preserving end-to-end traffic.

Michel.




<Prev in Thread] Current Thread [Next in Thread>