[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec and Mobile IPv6

To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Subject: Re: IPsec and Mobile IPv6
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Wed, 17 Jul 2002 19:37:30 -0400
cc: ipsec@lists.tislabs.com
In-reply-to: Your message of "Wed, 17 Jul 2002 09:34:34 +0200." <200207170734.g6H7YYGF068039@givry.rennes.enst-bretagne.fr>
Sender: owner-ipsec@lists.tislabs.com

-----BEGIN PGP SIGNED MESSAGE-----


  Francis, your draft is very short.
  My three sentence summary is:

1. NATs are devices in the path.
2. Any device in the path can perform a DoS attack or change IP addresses.
3. A number of protocols have been made NAT-friendly by removing the 
   IP source address (and/or port) from within the protection, leaving those
   protocols open to "pseudo-NATs".

  As much as I dislike NAT .... I guess I'm just not very convinced this is a
serious issue. 

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys

iQCVAwUBPTX/tYqHRg3pndX9AQGNdgQAkpJv5dPUnBjJcEqpIT0kwVyA0V9Z+n/Y
XdWmnmqLlq4vVvuVsWIIPZtrZzRduavTkEW4j6cqhgu9OVuHh1c7B7GQR4rJJWeQ
KzBvVXaFrm3qkW8gxBqaJBPVcCOel86ckHPxzZHNIr0E5y1gOWJD/AT0I92AlkKo
sd3s7PgKMCs=
=qhAu
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: IPsec and Mobile IPv6
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

References:
- Re: IPsec and Mobile IPv6
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: RE: One base SOI ID? Humm
Next by Date: RE: One base SOI ID? Humm
Prev by thread: Re: IPsec and Mobile IPv6
Next by thread: Re: IPsec and Mobile IPv6
Index(es):
- Date
- Thread