Re: Thomas Narten's DISCUSS vote
ho@earth.hpc.org (Hilarie Orman) Tue, 26 May 1998 16:49 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id MAA16771 for ipsec-outgoing; Tue, 26 May 1998 12:49:58 -0400 (EDT)
Date: Tue, 26 May 1998 13:02:35 -0400
From: ho@earth.hpc.org
Message-Id: <199805261702.NAA22913@earth.hpc.org>
To: smb@research.att.com
Cc: ipsec@tis.com
In-reply-to: Yourmessage <199805261451.HAA08773@baskerville.CS.Arizona.EDU>
Subject: Re: Thomas Narten's DISCUSS vote
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
What a tangled web is that, Devised by those who practice NAT. And would we all not be much better, Had we not used a pseudohdr? Anonymous God in his wisdom made the NAT, Now please tell me, why is that? Ogden Hash Because, without warning, on Tue, 26 May 1998 at 07:51:13 -0700 (MST) Steve Bellovin intoned: > The objection is valid -- because of the transport checksum, which > is protected by ESP-NULL's integrity algorithm, the IP addresses > can't be tinkered with in a useful fashion. (Well, I suppose that > a NAT box could change the source port number to offset the changes > to the addresses -- but I don't really regard that as useful...) > ESP-NULL has a lot of advantages -- but enabling NAT isn't one of them. > (Well, I suppose that one could argue that defeating NAT is itself > a nice feature, but that's out of bounds for this WG...)
- Re: Thomas Narten's DISCUSS vote Gabriel.Montenegro
- Thomas Narten's DISCUSS vote Theodore Y. Ts'o
- Re: Thomas Narten's DISCUSS vote Vipul Gupta
- Re: Thomas Narten's DISCUSS vote Gabriel.Montenegro
- Re: Thomas Narten's DISCUSS vote Vach Kompella
- Re: Thomas Narten's DISCUSS vote Steve Bellovin
- Re: Thomas Narten's DISCUSS vote Hilarie Orman
- Re: Thomas Narten's DISCUSS vote Thomas Narten
- RE: Thomas Narten's DISCUSS vote Stephen Waters
- Re: Thomas Narten's DISCUSS vote Pyda Srisuresh