North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Enterprise IPv6 (Was: Cool IPv6 Stuff/Security gain from NAT)
On 4/06/2007, at 9:52 PM, Sam Stickland wrote:
While those are valid concerns, stateless inspection fills the "gap" that NAPT provides in terms of filtering packets, and the privacy extensions for stateless autoconfiguration (RFC3041 and further work, enabled by default on Windows, disabled by default on Mac, BSD, not sure about Linux.) address the "lack" of anonymity. What this thread fails to mention is that NAPT is a band-aid. It won't help us forever, as it still requires one IPv4 address per site (however that is defined), unless it is proposed that ISPs start to put many customers behind a single NAPT - which I strongly hope it's not. While it's entertaining [1] to debate the pros/cons of NAPT's ability to provide security for the 500th time, we're essentially debating the pros/cons of a "technology" that is going to (hopefully) be outdated soon. I suggest we move on. Sam, have you heard any concerns, other than that "NAPT provides us security" one? -- Nathan Ward [1] Ok, it's actually not.
|