Re: Thomas Narten's DISCUSS vote

ho@earth.hpc.org (Hilarie Orman) Tue, 26 May 1998 16:49 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id MAA16771 for ipsec-outgoing; Tue, 26 May 1998 12:49:58 -0400 (EDT)
Date: Tue, 26 May 1998 13:02:35 -0400
From: ho@earth.hpc.org
Message-Id: <199805261702.NAA22913@earth.hpc.org>
To: smb@research.att.com
Cc: ipsec@tis.com
In-reply-to: Your message <199805261451.HAA08773@baskerville.CS.Arizona.EDU>
Subject: Re: Thomas Narten's DISCUSS vote
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

	What a tangled web is that,
	Devised by those who practice NAT.

	And would we all not be much better,
	Had we not used a pseudohdr?

		Anonymous

	God in his wisdom made the NAT,
	Now please tell me, why is that?

		Ogden Hash

Because, without warning, on Tue, 26 May 1998 at 07:51:13 -0700 (MST) Steve
Bellovin intoned:

>   The objection is valid -- because of the transport checksum, which
>   is protected by ESP-NULL's integrity algorithm, the IP addresses
>   can't be tinkered with in a useful fashion.  (Well, I suppose that
>   a NAT box could change the source port number to offset the changes
>   to the addresses -- but I don't really regard that as useful...)

>   ESP-NULL has a lot of advantages -- but enabling NAT isn't one of them.
>   (Well, I suppose that one could argue that defeating NAT is itself
>   a nice feature, but that's out of bounds for this WG...)