3 Nov
6:12 p.m.
At the risk of stating the obvious, an observation about NAT and security...

The problem is that IP addresses have overloaded semantics. Security needs an identifier. NAT and routing need locators. At present IP addresses serve both functions.

We need to move to a world where locating a node is decoupled from identifying a node. In such a world, NAT could happen without causing IPsec to get broken by the NAT function.

The overloaded semantics are broken. Noel has probably been the most outspoken in making this observation, but others have also noted the issue.

Ran
rja@Home.net
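
The identifier/locator point above in a simplified model, as an added example that is not part of the original message: one integrity check covers the IP addresses (as the IPsec AH integrity check does), the other covers a separate node identifier, and a NAT step then rewrites only the source address. The `node_id` field, the key, the addresses and all function names are constructed assumptions for illustration, not a real protocol.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"  # constructed; stands in for a negotiated SA key

@dataclass(frozen=True)
class Packet:
    src: str          # locator: where replies get routed
    dst: str          # locator
    node_id: str      # hypothetical identifier, independent of topology
    payload: bytes
    icv: bytes = b""  # integrity check value

def _mac(*fields: bytes) -> bytes:
    # Length-prefix every field so field boundaries are unambiguous.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def icv_over_locator(p: Packet) -> bytes:
    # Overloaded semantics: the addresses are part of what is authenticated.
    addrs = [ipaddress.ip_address(a).packed for a in (p.src, p.dst)]
    return _mac(*addrs, p.payload)

def icv_over_identifier(p: Packet) -> bytes:
    # Decoupled: authenticate who the node is, not where it sits.
    return _mac(p.node_id.encode(), p.payload)

def seal(p: Packet, icv_fn) -> Packet:
    return replace(p, icv=icv_fn(p))

def verify(p: Packet, icv_fn) -> bool:
    return hmac.compare_digest(p.icv, icv_fn(p))

def nat(p: Packet, public_src: str) -> Packet:
    return replace(p, src=public_src)  # NAT rewrites only the locator

def demo() -> dict:
    # Each entry: (verifies before NAT, verifies after NAT).
    p = Packet("10.0.0.5", "198.51.100.7", "node-a.example", b"hello")
    out = {}
    for name, fn in (("locator", icv_over_locator),
                     ("identifier", icv_over_identifier)):
        sealed = seal(p, fn)
        out[name] = (verify(sealed, fn), verify(nat(sealed, "203.0.113.9"), fn))
    return out

if __name__ == "__main__":
    print(demo())
```

The identifier-bound check still rejects a packet whose payload or `node_id` is altered in transit, so moving the addresses out of the authenticated data does not remove integrity protection for the fields that identify the sender.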