North American Network Operators Group


Re: end2end? (was: RE: Where NAT disenfranchises the end-user ...)

  • From: Leo Bicknell
  • Date: Fri Sep 07 17:23:16 2001

On Fri, Sep 07, 2001 at 05:09:43PM -0400, Andy Dills wrote:
> One is content, the other a content-delivery mechanism. Think about the
> post office. It's perfectly acceptable for them to stamp a forwarded
> address on the envelope to ensure its delivery, but perfectly
> unacceptable to modify the content inside.

But NAT goes further.  Consider if the post office opened up your
letter, looked at the return address on it, saw that was wrong and
stuck the new one on it, put it back in the envelope and then sent
it on its way.  That's exactly what NAT does with some protocols.

I have no problem with people using NAT, and I have used it myself.
Specifically, I don't mind the {IP,port} translation basic NAT does.
Yes, it breaks some protocols, but as long as that's known it's ok.
I have a big problem with the data modification of more recent NAT
implementations.

It does have some interesting implications as to who can modify data
as well.  If a device in the middle has license to modify data in
the middle of a data stream, what are the limits of that license?
If my service provider uses NAT without my consent can I sue them
for reading/changing my data?  If not, why would I be able to sue
them if they do the same thing to e-mail?  What is the difference?

-- 
Leo Bicknell - [email protected]
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - [email protected], www.tmbg.org