[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: on NAT-PT

To: Alain Durand <Alain.Durand@Sun.COM>
Subject: Re: on NAT-PT
From: itojun@iijlab.net
Date: Sat, 04 Jan 2003 13:33:06 +0900
Cc: v6ops@ops.ietf.org
In-reply-to: Alain.Durand's message of Fri, 03 Jan 2003 20:28:46 PST. <03E6FD6D-1F9D-11D7-9565-00039376A6AA@sun.com>

>>> What I'm saying is that imposing to use 'AD is secure'
>>> to operate DNSsec in IPv6 networks is a big step
>>> that I'm not sure I'm ready to make.
>> 	you are generalizing it too much by saying "in IPv6 networks" - what
>> 	i'm suggesting is to use "AD is secure" for NAT-PT, that's all.
>> 	it doesn't have to be imposed for all IPv6 networks.
>So you're back to my previous question. The context is now clearer, 
>thanks.
>How does the end node knows it is behind a NAT-PT box?

	end nodes do not need to know if it is behind a NAT-PT box or not.
	their connections will be invited to NAT-PT translation device by a
	matter of site administration policy (use specific recursive resolver),
	that's all.

	the use of "AD is secure" is not directly dependent to DNS-ALG, you
	could use it even when you are using normal recursive resolver.  i
	suggested the use of "AD is secure" because you asked how you can
	use DNSSEC with NAT-PT.

itojun

Prev by Date: Re: on NAT-PT
Previous by thread: Re: on NAT-PT
Next by thread: RE: About draft-thakur-v6oanand.thakur@hpsglobal.comps-3gpp-cases-00.txt
Index(es):
- Date
- Thread