>> Why should all enterprises have to deal with your extremely simplistic and >> naive view of what their security needs are and what their security strategy >> should be? >> > > Who's saying they will? I'm not forcing them to use NAT anymore then I'm > telling them what their FW rules must be...or what OS to standardize their > hosts/servers on.
NATs harm everybody, not just those who are forced to sit behind them. By arguing for NATs to be standardized and used for purposes for which they are not well-suited and not needed, you are trying to promote things that do harm. > The only argument I've ventured is that there ARE legitimate usage cases for > NAT (both the flavor being described in this document and a statefull NAT > similar to what exists in IPv4 today). you're grossly exaggerating those use cases. security is NOT a legitimate use case for NAT. security is NOT enhanced by imposing mechanisms that make network policy enforcement less flexible. Keith _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
