[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-v6ops-nap-04



	Hello,

On Thu, Nov 02, 2006 at 01:58:17PM +0100, Brian E Carpenter wrote :
> As Fred has pointed out, NAT is functionally
> equivalent to a stateful firewall.

Errmm, NAT do no more than stateful firewall, and are in many but not
all case so close to it that can be considered equivalent. But it's not
always so. In particular, stateful firewalls tend to be more strict as
to what they accept as a "solicited response" from the outside toward
the inside than NATs.

> NAT provides exactly the same level of security as a stateful
> firewall, and no more. Therefore, IPv6 users behind a stateful
> firewall are entitled to exactly the same feeling of security
> as users behind an IPv4 NAT; no more and no less

I'd rather have "NAT provides a level of security that is no better than
that of a stateful firewall, in any case. There, IPv6 users behind a
stateful firewall are entitled to as good a feeling of security as users
behind an IPv4 NAT, if not more; and the exact same feeling of security
as users behind an IPv4 stateful firewall."

??

-- 
Rémi Denis-Courmont
looking for a job
http://www.simphalempin.com/home/infos/CV-en.pdf