> On Jan 17, 2021, at 12:00 PM, Chris Woodfield <[email protected]> wrote:
> 
> Obviously this thread is going somewhat off-topic and my reply isn’t going to 
> help matters - the idea that peer to peer is useless is a factor, but it’s 
> more than that - it’s the fact that the vast majority of customers, service 
> providers, and operators have come to view NAT and the use of private space 
> as a form of security perimeter, and that allowing internal hosts/networks to 
> be numbered from globally-routable space represents a security risk.
> 
> You, I, and most of the people reading PPML know that mindset is completely 
> fallacious, but it’s quite pervasive and takes quite a bit of education to 
> disabuse otherwise quite savvy operators of this notion.

Yep… I’ve done a lot of that reeducation over the years. It amazes me the 
number of people who have trouble separating stateful inspection from NAT and 
just can’t wrap their heads around the idea that you can still do stateful 
inspection even if you don’t mutilate the packet header in the process.


> It’s interesting that a lot of IPv6 evangelism that I’ve seen over the years 
> doesn’t address this concern - IMO we should be spending quite a bit of 
> energy fighting that mindset.

I’ve tried as best I can to address it head on each and every time it comes up. 
I haven’t figured out a way to be proactive about addressing it that doesn’t 
come off as antagonistic, patronizing, or confrontational (sometimes I even hit 
all 3), so suggestions there are welcome.

In fact, I argue that lack of address transparency is contrary to good security 
because it breaks the continuity of audit trails and makes it harder to 
identify miscreants and compromised systems.

Owen

> 
> -C
> 
>> On Jan 15, 2021, at 11:39 PM, Owen DeLong <[email protected]> wrote:
>> 
>> The biggest problem surrounding IPv4 is this idea that peer to peer is 
>> useless and we should all accept the idea of provider/supplicant and second 
>> class citizens.
>> 
> 

_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).