
nanog mailing list archives

Re: end2end? (was: RE: Where NAT disenfranchises the end-user ...)
From: Leo Bicknell <bicknell () ufp org>
Date: Fri, 7 Sep 2001 20:32:56 -0400


On Fri, Sep 07, 2001 at 07:50:05PM -0400, Andy Dills wrote:
> Can you show damages in the situation of email? Yes. With packets? No. And
> before you come back at me with some crazy convoluted contrived scenario,
> let's just realize how far off the beaten path we are at this point. If
> your ISP is going to force you to use NAT, "against your will", get a new
> fricking provider. For that matter, what ISP NATs you against your will?

You're thinking civil law, I think, not criminal law.  Criminal law
does not require you to show damages, and generally doesn't care
if you were breaking the law "to help someone" or to hurt them.

I do realize this is a bit absurd, but here's the real life situation
that concerns me.  Imagine if you will that your ISP asks you to
sign a disclosure (or contract with disclosure) allowing them to
"read and modify packets in the course of providing service".  You
ask them, diligently, about this and they tell you that they are
using NAT, and you're ok with that.

It all sounds well and good, but to me you also just gave them
carte blanche to read your e-mail or other traffic, the way I read
it.  A loophole perhaps, but one large enough to drive a Mack truck
through, in legal speak.

I would not be surprised if a skilled lawyer could get a 'wiretapper'
off the hook, by showing them that someone consented to this sort of
monitoring / modification, particularly with so many non-technical
judges.

None of this has anything to do with the technical merits of NAT
though, where I still maintain that 'plain nat' (no payload
modification) is a useful tool, provided you know it breaks some
things, and that 'nat' as currently marketed with all of its mucking
around in the data layer is dangerous on a number of technical,
political, and legal grounds.

-- 
Leo Bicknell - bicknell () ufp org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request () tmbg org, www.tmbg.org

