Re: Domain Centric Administration, RE: draft-ietf-v6ops-natpt-to-historic-00.txt
2007-07-02 10:07:37
On Monday, July 02, 2007 07:01:28 AM -0700 "Hallam-Baker, Phillip"
<pbaker(_at_)verisign(_dot_)com> wrote:

> And from a security point I want to see as much NAT as possible.

Whereas I want my applications to work, and people to stop conflating NAT
and firewalls.

You don't want to see as much NAT as possible; you want to see as much
blocking of inbound connections to consumers as possible, and for some
reason you seem to think that a firewall which does that must necessarily
also be a NAT. In fact, it does not; it's perfectly reasonable to build a
box that can be sold for <$50 which sits between a subscriber's computer
and the Internet and provides a basic firewall. Such a thing could be
combined in the same box as an ethernet switch, wireless AP, maybe a basic
router, DNS cache, and so on. In fact, plenty of such boxes are sold
today, except they all come with NAT turned on by default.

That is _not_ because NAT makes the network more secure - it doesn't.
It's because most of the people buying those boxes "need" NAT because their
ISPs won't give them more than one address, or at least won't do so for a
reasonable price. Fix _that_ problem, and you'll start seeing boxes that
provide security and flexibility without needing NAT.

Frankly, Phill, I'm surprised and disappointed that you are not only making
such a basic mistake, but spreading FUD about it.

-- Jeff
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
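
An added illustration, not part of the message above or of the thread: an nftables ruleset for a Linux-based home router that blocks unsolicited inbound connections to subscriber hosts without translating any addresses. The table name `home_fw` and the interface names `lan0` (subscriber side) and `wan0` (ISP side) are assumptions, and it presumes the ISP routes a prefix to the subscriber.

```nftables
# Constructed example: stateful forwarding filter with NO NAT.
# There is deliberately no table with a "type nat" chain anywhere in
# this ruleset; hosts behind the router keep their own routable
# addresses end to end.
# Assumed names: table home_fw, interfaces lan0 (inside), wan0 (outside).

table inet home_fw {
    chain forward {
        # Default-deny everything that crosses the router.
        type filter hook forward priority filter; policy drop;

        # Replies to flows that an inside host started, plus ICMP
        # errors tied to those flows (for example packet-too-big).
        ct state established,related accept

        # Packets that match no tracked flow and are not a valid
        # start of a new one.
        ct state invalid drop

        # Inside hosts may open new connections outward.
        iifname "lan0" oifname "wan0" accept

        # Anything else, including a new connection attempt arriving
        # on wan0 for an inside host, falls through to policy drop.
    }
}
```

The inbound blocking comes entirely from the connection-tracking rules and the default-drop policy; a NAT box behaves similarly for inbound traffic only because it keeps comparable per-flow state.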