On 7/2/07 12:40 PM, "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
wrote:
> The $50 includes the cost of administration. I get the NAT effect for free
> when I plug the box in. Turning it off on the other hand requires rather a lot
> of thinking for the average user.

There's no reason that a default firewall configuration
need be any more complicated than a NAT. Somewhat less,
actually. But anyway, I think you're muddying the discussion
somewhat by framing it in terms of NAT. You're talking
about network policy and NAT is not a policy function.
NAT workarounds tend to introduce security problems while
a decent, usable policy infrastructure would not, or would
at least localize them. I think we probably both see the
same outcome as desirable but I do think that it's a big
mistake to frame the problem as "NAT is good" rather than
"default deny is good."
Melinda
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf