[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thomas Narten's DISCUSS vote

To: smb@research.att.com
Subject: Re: Thomas Narten's DISCUSS vote
From: ho@earth.hpc.org (Hilarie Orman)
Date: Tue, 26 May 1998 13:02:35 -0400
Cc: ipsec@tis.com
In-reply-to: Yourmessage <199805261451.HAA08773@baskerville.CS.Arizona.EDU>
Sender: owner-ipsec@ex.tis.com

	What a tangled web is that,
	Devised by those who practice NAT.

	And would we all not be much better,	
	Had we not used a pseudohdr?

		Anonymous

	God in his wisdom made the NAT,
	Now please tell me, why is that?

		Ogden Hash

Because, without warning, on Tue, 26 May 1998 at 07:51:13 -0700 (MST) Steve
Bellovin intoned:

>   The objection is valid -- because of the transport checksum, which
>   is protected by ESP-NULL's integrity algorithm, the IP addresses
>   can't be tinkered with in a useful fashion.  (Well, I suppose that
>   a NAT box could change the source port number to offset the changes
>   to the addresses -- but I don't really regard that as useful...)

>   ESP-NULL has a lot of advantages -- but enabling NAT isn't one of them.
>   (Well, I suppose that one could argue that defeating NAT is itself
>   a nice feature, but that's out of bounds for this WG...)

Prev by Date: Re: Thomas Narten's DISCUSS vote
Next by Date: Re: Thomas Narten's DISCUSS vote
Prev by thread: Re: Thomas Narten's DISCUSS vote
Next by thread: RE: Thomas Narten's DISCUSS vote
Index(es):
- Main
- Thread