Thus wrote Keith Moore ([email protected]):
> On Oct 29, 2010, at 4:18 AM, S.P.Zeidler wrote:
> And the effect of what you're trying to do is to cripple the Internet
> architecture so that nobody can run apps that don't conform to your
> narrow-minded ideas of how apps should work.
Because cascaded IPv4 NATs would be so much better ...
> > In a world where even subnets are plenty, if I have a few hosts that I want
> > to run an app like that I can assign them their very own public /64 in their
> > own DMZlet.
>
> As long as you're trying to make a destination IP address be an
> authentication token for your hosts, your security is always going to be very
> weak and fragile.
I'm not sure where you get "authentication token" where I simply say
"I can afford to exempt a few hosts from NATting but not all of them".
I'm really curious what types of novel apps you envision that are so
compelling even enterprises that have to be paranoid by law will want
to have on each and every one of their devices, while being unable to run
across application proxies. You wrote I was too daft, well go ahead and
educate me then.
regards,
spz
--
[email protected] (S.P.Zeidler)
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
