On Oct 18, 2010, at 12:26 PM, Johnny Eriksson wrote:
"Tony Hain" <alh-ietf@tndh.net> wrote:
Actually NAT does something for security, it decimates it. Any 'real' security system (physical, technology, ...) includes some form of audit trail. NAT explicitly breaks any form of audit trail, unless you are the one operating the header mangling device. Given that there is no limit to the number of NAT devices along a path, there can be no limit to the number of people operating them. This means there is no audit trail, and therefore NO SECURITY.
So an audit trail implies security? I don't agree. It may make post-mortem analysis easier, though.
An audit trail improves security because post-mortem analysis of breaches is an important tool in improving security.
Does end-to-end crypto break security? Which security? The security of the endpoints or the security of someone else who cannot now audit the communication in question fully?
No, end-to-end crypto does not, by itself, break security. Arguably, end-to-end crypto MAY bypass security in some environments, but, those environments do have controls available to disable end-to-end crypto.

Owen
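The audit-trail point in the thread (an observer outside the NAT sees only the translated address, and only the operator of the translating device holds the binding log that maps it back) can be made concrete with a small log-correlation script. This is an added example, not code from the thread or from any of its participants; the log formats, addresses, ports and timestamps are all constructed for illustration, and the "latest binding at or before the request time" rule is an assumption about how such a translation log would be joined.

```python
"""Correlate a server access log with a NAT translation log.

Added example (not from the mailing-list thread). All log lines below are
constructed. Shows that without the NAT device's own binding log every
request collapses to one external address, and that even with it, a request
whose binding is missing (a gap in the log, or a second NAT further along the
path) cannot be attributed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed access log as seen by a server *outside* the NAT.
# Format: "<iso-timestamp> <src_ip>:<src_port> <request>"
SERVER_LOG = """\
2010-10-18T12:00:01 203.0.113.7:40001 GET /login
2010-10-18T12:00:03 203.0.113.7:40002 GET /admin
2010-10-18T12:00:05 203.0.113.7:40003 POST /login
2010-10-18T12:00:07 203.0.113.7:40001 GET /export
2010-10-18T12:00:09 203.0.113.7:40009 GET /status
""".splitlines()

# Constructed translation log held only by the NAT device's operator.
# Format: "<iso-timestamp> <internal_ip>:<port> -> <external_ip>:<port>"
# Note: no binding exists for external port 40009.
NAT_LOG = """\
2010-10-18T12:00:00 192.168.1.10:51000 -> 203.0.113.7:40001
2010-10-18T12:00:02 192.168.1.11:51000 -> 203.0.113.7:40002
2010-10-18T12:00:04 192.168.1.12:51000 -> 203.0.113.7:40003
""".splitlines()


def parse_server_log(lines):
    """Return a list of (timestamp, src_ip, src_port, request)."""
    entries = []
    for line in lines:
        ts, addr, request = line.split(" ", 2)
        ip, port = addr.rsplit(":", 1)
        entries.append((datetime.fromisoformat(ts), ip, int(port), request))
    return entries


def parse_nat_log(lines):
    """Map (external_ip, external_port) -> sorted list of (ts, internal_ip, internal_port)."""
    bindings = defaultdict(list)
    for line in lines:
        ts, internal, _, external = line.split(" ")
        int_ip, int_port = internal.rsplit(":", 1)
        ext_ip, ext_port = external.rsplit(":", 1)
        bindings[(ext_ip, int(ext_port))].append(
            (datetime.fromisoformat(ts), int_ip, int(int_port))
        )
    for key in bindings:
        bindings[key].sort()  # oldest binding first
    return bindings


def external_view(server_lines):
    """Distinct source addresses visible without the NAT log: the whole site looks like one host."""
    return sorted({ip for _, ip, _, _ in parse_server_log(server_lines)})


def attribute_requests(server_lines, nat_lines):
    """Attribute each request to an internal host using the NAT binding log.

    Assumed join rule: the most recent binding for that external ip:port at or
    before the request time. Returns (request, internal_ip or None).
    """
    bindings = parse_nat_log(nat_lines)
    attributed = []
    for ts, ip, port, request in parse_server_log(server_lines):
        candidates = [b for b in bindings.get((ip, port), []) if b[0] <= ts]
        attributed.append((request, candidates[-1][1] if candidates else None))
    return attributed


if __name__ == "__main__":
    print("Without NAT log, distinct sources:", external_view(SERVER_LOG))
    for request, host in attribute_requests(SERVER_LOG, NAT_LOG):
        print(f"{request:<12} -> {host or 'UNATTRIBUTABLE (no binding in log)'}")
```

Run as-is, the external view shows a single source, 203.0.113.7, while the join recovers three internal hosts and flags the last request as unattributable; each additional NAT on the path would require yet another operator's binding log to close that gap.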