On Oct 18, 2010, at 12:26 PM, Johnny Eriksson wrote:

> "Tony Hain" <[email protected]> wrote:
>
>> Actually nat does something for security, it decimates it. Any 'real'
>> security system (physical, technology, ...) includes some form of audit
>> trail. NAT explicitly breaks any form of audit trail, unless you are the one
>> operating the header mangling device. Given that there is no limit to the
>> number of nat devices along a path, there can be no limit to the number of
>> people operating them. This means there is no audit trail, and therefore NO
>> SECURITY.
>
> So an audit trail implies security? I don't agree. It may make post-mortem
> analysis easier, thou.
>

An audit trail improves security because post-mortem analysis of breaches is an important tool in improving security.

> Does end-to-end crypto break security? Which security? The security of
> the endpoints or the security of someone else who cannot now audit the
> communication in question fully?
>

No, end-to-end crypto does not, by itself, break security. Arguably, end-to-end crypto MAY bypass security in some environments, but, those environments do have controls available to disable end-to-end crypto.

Owen

