Re: IPSEC and NAT and the BIG PICTURE

Here's a succinct way to describe the main problem with NAT
vs. security protocols (ipsec, kerberos, dnssec, ...):

It's possible to do end-to-end security in the presence of NAT.

It's also possible to use addresses as data in the presence of NAT --
the NAT box just has to rewrite the addresses.

However, it's not possible to use end-to-end secure protocols which
carry addresses as data... it's this combination of features which
cannot possibly work.

- Bill
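
The three cases in the message above, modelled as an added example (not part of the original post): an HMAC tag stands in for the end-to-end protection, and a toy NAT either rewrites addresses carried in the payload or leaves them alone. The key, addresses, packet layout and function names are constructed for illustration, and the tag is assumed to cover the payload only, so header translation alone never breaks it.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"  # held by the two endpoints only, never by the NAT
PRIVATE, PUBLIC = "10.0.0.5", "203.0.113.7"  # constructed sample addresses


def send(src, payload, protect):
    """Build a packet; the tag covers the payload only, not the header address."""
    tag = hmac.new(KEY, payload, hashlib.sha256).digest() if protect else None
    return {"src": src, "payload": payload, "tag": tag}


def nat(pkt, rewrite_payload):
    """Translate the header address and, optionally, addresses carried as data."""
    out = dict(pkt, src=PUBLIC)
    if rewrite_payload:
        out["payload"] = pkt["payload"].replace(PRIVATE.encode(), PUBLIC.encode())
    return out


def receive(pkt):
    """Return (integrity_ok, embedded_address_usable) as seen by the far end."""
    ok = True
    if pkt["tag"] is not None:
        expected = hmac.new(KEY, pkt["payload"], hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, pkt["tag"])
    # An address carried as data is useless to the peer if it is still the private one.
    usable = PRIVATE.encode() not in pkt["payload"]
    return ok, usable


def scenarios():
    plain = b"GET /index"                        # no address in the data
    with_addr = b"CALLBACK " + PRIVATE.encode()  # address carried as data
    return {
        "secure, no address in data": receive(nat(send(PRIVATE, plain, True), False)),
        "address in data, unprotected": receive(nat(send(PRIVATE, with_addr, False), True)),
        "secure + address, NAT rewrites": receive(nat(send(PRIVATE, with_addr, True), True)),
        "secure + address, NAT leaves it": receive(nat(send(PRIVATE, with_addr, True), False)),
    }


if __name__ == "__main__":
    for name, (ok, usable) in scenarios().items():
        print(f"{name:33} integrity_ok={ok!s:5} address_usable={usable}")
```

Only the first two scenarios deliver a packet that both verifies and carries usable data; with protection and an embedded address together, the NAT either breaks the tag or leaves an unreachable private address in place.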