[e2e] 0% NAT - checkmating the disconnectors
kempf at docomolabs-usa.com
Tue Mar 7 13:16:59 PST 2006
So here's a security scenario that, I'm told, is fairly common today. A
spammer exchanges what is known as a "pink letter" with an ISP. The ISP
promises not to cut off the spammer in exchange for a kickback.
How would your proposal solve this problem?
----- Original Message -----
From: "Dave Crocker" <dhc2 at dcrocker.net>
To: <end2end-interest at postel.org>
Sent: Tuesday, March 07, 2006 10:12 AM
Subject: Re: [e2e] 0% NAT - checkmating the disconnectors
> James Kempf wrote:
>>> Does anyone have any good thoughts on how to collectively create the
>>> next generation *Inter* Net - one that actually provides the
>>> interoperability that all of us old codgers dreamed was possible when
>>> Licklider, Taylor, Engelbart, etc. first imagined it and Vint Cerf and
>>> Bob Kahn made it happen?
>> If you want it to be secure and open, keep the NATs out but put in place
>> a legal/social/commercial solution for security, kind of an Internet CSI.
>> One thing I think we should have learned from the Cold War is that
>> depending only on technical measures for security just leads to arms
> Let's consider something completely different:
> Assume that a NAT represents more than just a device to do address
> administration. Assume that it is part of a function that represents a
> desire of intrnet operators to have a clear distinction between inside and
> To some extent, routers do the same thing. (Yes, NATs are more complex and
> are stateful, but I'm going for a basic issue, here, so please just
> tolerate my hand-waving.)
> Note that routers do address translation too. They change the current
> link-layer address to be a new one. (Dontcha just luv layers?)
> For all of the implied lessons in distinguishing internal routing from
> exterior routing, we seem to resist re-applying the lesson to other parts
> of the architecture.
> I've come to believe that most of the approach to dealing with NATs almost
> comes for free if we do locator/identifier properly and provide a useful
> 'session' layer (or equivalent function with the app layer.)
> Dave Crocker
> Brandenburg InternetWorking