On Sun, Nov 02, 1997 at 12:31:45PM -0500, Alan Hannan wrote:
Yup, it could, but as I noted to Paul, in the cases Sean is advocating, the client and the NAT box may not be within the same span of administration, either. IE: no, you may _not_ trust the NAT op.
In today's internet, the DNS management, the routing administration, and the ADM engineer are all outside of central administration.
This is analagous to the case you bring up, and yet we work well.
Proxy aggregation of address space occurs, and yet the world goes on.
That the NAT administration would be different from that of the flow endpoints is orthagonal to the discussion.
No, I'm afraid I don't think that's true. This is a question of _trust_, and if I don't wish to allow the operator of a NAT box to proxy my trust in a nameserver operator, there really isn't any good way around that. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Pedantry. It's not just a job, it's an Tampa Bay, Florida adventure." -- someone on AFU +1 813 790 7592