nanog mailing list archives

Re: NAT etc. (was: Spam Control Considered Harmful)


From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Sun, 2 Nov 1997 12:35:57 -0500

On Sun, Nov 02, 1997 at 12:31:45PM -0500, Alan Hannan wrote:
Yup, it could, but as I noted to Paul, in the cases Sean is advocating,
the client and the NAT box may not be within the same span of
administration, either.  IE: no, you may _not_ trust the NAT op.

  In today's internet, the DNS management, the routing
  administration, and the ADM engineer are all outside of central
  administration.

  This is analagous to the case you bring up, and yet we work well.

  Proxy aggregation of address space occurs, and yet the world goes
  on.

  That the NAT administration would be different from that of the
  flow endpoints is orthagonal to the discussion.

No, I'm afraid I don't think that's true.  This is a question of
_trust_, and if I don't wish to allow the operator of a NAT box to
proxy my trust in a nameserver operator, there really isn't any good
way around that.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra () baylink com
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "Pedantry.  It's not just a job, it's an
Tampa Bay, Florida          adventure."  -- someone on AFU      +1 813 790 7592


Current thread: