Hi Brian,

On Mar 10, 2009, at 6:13 PM, Brian E Carpenter wrote:
> But of course prefix translation doesn't provide the "benefit"
> described in RFC4864 section 2.4.

(For those without a handy copy of RFC 4864, section 2.4 = Topology Hiding).

That is absolutely correct. A prefix translation mechanism, such as NAT66, _does_ provide the benefit of "Address Autonomy" (or what I call "Address Independence"), but it _does not_ provide any sort of topology hiding, security or privacy "benefits". This can be a good thing or a bad thing, depending on how you look at it.

IMO, security benefits are better provided by an actual network security device, such as a firewall, that can be more flexibly configured to block or allow desired levels/types of access on a per-host or per-application basis. Others' mileage may vary.

Margaret

_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
