[e2e] 100% NAT - a DoS proof internet

Saikat Guha saikat at cs.cornell.edu
Wed Feb 22 13:04:50 PST 2006


On Wed, 2006-02-22 at 15:39 -0500, David P. Reed wrote:
> >The mechanistic requirements of the NAT'ed Internet conveniently
> >coincide with the present security requirements.
> >
>
> Note that 
> the NAT inventors NEVER claimed security as the goal

My apologies, I wasn't clear -- I don't mean to imply NATs have anything
to do with security. I mean that the *mechanisms* necessitated by NATs
are also useful from a security standpoint.

In particular, NATs require end-hosts to *negotiate* addresses. This
negotiation is end-to-end, and bi-directional. Security requires
end-hosts to negotiate identities, encryption, etc. in a similar
fashion.

If the Internet were to provide this end-to-end bi-directional
"negotiation" as a primitive, it could be used for both address
translation as well as for security.

NATs force the rendezvous to provide such a negotiation primitive.
Security can benefit from this primitive (not from the NATs per se). 

cheers,
-- 
Saikat