> On Feb 16, 2024, at 14:20, Jay R. Ashworth <j...@baylink.com> wrote: > > ----- Original Message ----- >> From: "Justin Streiner" <strein...@gmail.com> > >> 4. Getting people to unlearn the "NAT=Security" mindset that we were forced >> to accept in the v4 world. > > NAT doesn't "equal" security. > > But it is certainly a *component* of security, placing control of what > internal > nodes are accessible from the outside in the hands of the people inside. Uh, no… no it is not. Stateful inspection (which the kind of NAT (actually NAPT) you are assuming here depends on) is a component of security. You can do stateful inspection without mutilating the header and have all the same security benefits without losing or complicating the audit trail. Owen
- Re: IPv6 uptake Stephen Satchell
- Re: IPv6 uptake (was: The Reg does 240/4) Tom Beecher
- Re: IPv6 uptake (was: The Reg does 240/4) Owen DeLong via NANOG
- Re: IPv6 uptake (was: The Reg does 240/4) Owen DeLong via NANOG
- RE: IPv6 uptake (was: The Reg does 240/4) Howard, Lee via NANOG
- Re: IPv6 uptake (was: The Reg does 240/4) William Herrin
- Re: IPv6 uptake (was: The Reg does 240/4) Jay R. Ashworth
- Re: IPv6 uptake (was: The Reg does 240/4) Owen DeLong via NANOG
- Re: IPv6 uptake (was: The Reg does 240/4) Matthew Walster via NANOG
- Re: IPv6 uptake (was: The Reg does 240/4) Daniel Marks via NANOG
- Re: IPv6 uptake (was: The Reg does 240/4) Owen DeLong via NANOG
- Re: IPv6 uptake Michael Thomas
- Re: IPv6 uptake Mike Hammett
- Re: IPv6 uptake William Herrin
- Re: IPv6 uptake Mike Hammett
- Re: [External] Re: IPv6 uptake Hunter Fuller via NANOG
- Re: [External] Re: IPv6 uptake Dave Taht
- Re: [External] Re: IPv6 uptake Hunter Fuller via NANOG
- Re: [External] Re: IPv6 uptake Dave Taht
- Re: [External] Re: IPv6 uptake William Herrin
- Re: [External] Re: IPv6 uptake Hunter Fuller via NANOG
