[e2e] 0% NAT - checkmating the disconnectors
James Kempf
kempf at docomolabs-usa.com
Tue Mar 7 13:16:59 PST 2006
Hi Dave,
So here's a security scenario that, I'm told, is fairly common today. A
spammer exchanges what is known as a "pink letter" with an ISP. The ISP
promises not to cut off the spammer in exchange for a kickback.
How would your proposal solve this problem?
jak
----- Original Message -----
From: "Dave Crocker" <dhc2 at dcrocker.net>
To: <end2end-interest at postel.org>
Sent: Tuesday, March 07, 2006 10:12 AM
Subject: Re: [e2e] 0% NAT - checkmating the disconnectors
> James Kempf wrote:
>>> Does anyone have any good thoughts on how to collectively create the
>>> next generation *Inter* Net - one that actually provides the
>>> interoperability that all of us old codgers dreamed was possible when
>>> Licklider, Taylor, Engelbart, etc. first imagined it and Vint Cerf and
>>> Bob Kahn made it happen?
>>>
>>
>> If you want it to be secure and open, keep the NATs out but put in place
>> a legal/social/commercial solution for security, kind of an Internet CSI.
>> One thing I think we should have learned from the Cold War is that
>> depending only on technical measures for security just leads to arms
>> races.
>
>
>
> Let's consider something completely different:
>
> Assume that a NAT represents more than just a device to do address
> administration. Assume that it is part of a function that represents a
> desire of intrnet operators to have a clear distinction between inside and
> outside.
>
> To some extent, routers do the same thing. (Yes, NATs are more complex and
> are stateful, but I'm going for a basic issue, here, so please just
> tolerate my hand-waving.)
>
> Note that routers do address translation too. They change the current
> link-layer address to be a new one. (Dontcha just luv layers?)
>
> For all of the implied lessons in distinguishing internal routing from
> exterior routing, we seem to resist re-applying the lesson to other parts
> of the architecture.
>
> I've come to believe that most of the approach to dealing with NATs almost
> comes for free if we do locator/identifier properly and provide a useful
> 'session' layer (or equivalent function with the app layer.)
>
> d/
> --
>
> Dave Crocker
> Brandenburg InternetWorking
> <http://bbiw.net>
>