[Cryptography] IPsec DH parameters, other flaws
William Allen Simpson
william.allen.simpson at gmail.com
Wed Jul 22 14:35:17 EDT 2020
On 7/22/20 2:20 PM, William Allen Simpson wrote:
> On 7/20/20 8:09 PM, Dan McDonald wrote:
>> I was there in the mid-90s, and we IPng-ers detested NAT, and thought it was
>> our mission in life to kill it dead. NATs were middleboxes that altered
>> packets and were an extra single-point-of-failure! Also, we though NATs were
>> going to be easy targets for... wait for it... attackers, including-and-
>> especially state-sponsored ones!
>>
>
> But some of us were very much in favor of firewalls. The issue with NAT
> was altering packets. Also, distributing security secrets to the NAT.
>
Forgot to mention, not all of us hated NAT entirely. Paul Francis was the
originator of NAT, RFC 1631, and was actively involved in SIPP (IPv6).
More information about the cryptography
mailing list