On May 3, 2010, at 8:10 AM, Keith Moore wrote: >> James, >> >> I believe what I asserted was the following.... >> >> >> "The factual thing that can be said about NAT is that it obscures the >> literal IP address assigned to an end device from a source on the other side >> of the NAT boundary. For some that is a desired effect for others it's an >> undesirable problem....... >> >> ...... >> >> You are not going to achieve that level of "obscurity" without some form of >> address translation....and any solution that you do provide to achieve that >> obscurity will have much of the same side effects that todays NAT does." >> > Actually, this seems like what IPv6 Privacy Addresses were made for.
actually, no. privacy addresses obscure the EID, the lower 64 bits, but don't obscure the locator information. Chris specifically would like to obscure the locator. One could argue that NAT66 obscures the locator, in the sense that the bits used inside the house are not the same as are used outside the house. However, there is a 1:1 and onto relationship between the inside and outside expressions. That's not very obscure. At the end of the day, however, any application that expresses an address in its content is overcoming any obscurity one thinks one is getting at the network layer. Consider the addresses in SMTP email; from this email that I am responding to, I can determine that [email protected] sends email to 173.136.67.67 lust.indecency.org, which is a Mirapoint system, which as m1.imap-partners.net [64.13.152.131] sends it on to someone else - in this case, AMS operating on behalf of the IETF. Oh, you obscured all that at the network layers? Pardon me... _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
