RE: end2end? (was: RE: Where NAT disenfranchises the end-user ... )
|> From: Jon Mansey [mailto:jon_mansey@verestar.com] |> Sent: Friday, September 07, 2001 11:57 AM |> |> I seem to be able to connect to port-forwarded services behind my |> office NAT firewall just fine from my laptop behind my home NAT box. |> Whats the problem? Can we talk ... using NetMeeting?
At 12:31 PM -0700 9/7/01, Roeland Meyer wrote:
|> From: Jon Mansey [mailto:jon_mansey@verestar.com] |> Sent: Friday, September 07, 2001 11:57 AM |> |> I seem to be able to connect to port-forwarded services behind my |> office NAT firewall just fine from my laptop behind my home NAT box. |> Whats the problem?
Can we talk ... using NetMeeting?
NM, along with IPsec are examples of apps that dont play well here, but thats the point, they are apps that have not been written with the real world in mind, ie that a good proportion of the edge these days is behind NAT. Who gives in first here, the app developers (or their marketing depts) who decide that supporting NAT is important, or the NAT developers who decide they can fix cuseeme or PPTP by re-writing the packet data? I am also playing devil's advocate here somewhat, we all know the real solution to lack of IPv4 space, true end2end, and security lies with IPv6, right? jm
On Fri, 7 Sep 2001 12:44:21 -0700 Jon Mansey <jon_mansey@verestar.com> wrote:>
NM, along with IPsec are examples of apps that dont play well here, but thats the point, they are apps that have not been written with the real world in mind, ie that a good proportion of the edge these days is behind NAT.
data communications security types would argue that NAT breaks data integrity and authentication features that are rather important. end-to-end characteristics are probably more crucial in this context than any other. richard -- Richard Welty Averill Park Networking rwelty@averillpark.net 518-573-7592
participants (3)
-
Jon Mansey
-
Richard Welty
-
Roeland Meyer