[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipsec
Subject:    Re: IPSEC and NAT
From:       "Theodore Y. Ts'o" <tytso () MIT ! EDU>
Date:       1997-08-27 17:42:28
[Download RAW message or body]

Granted, the issues are very complex, and I very much understand that at
the time, NAT's may have seemed to be a cheaper alternative than
fighting the address space battles.  And I recognize that NAT's did not
arise out of a vacuum, either.  

I will observe, though, that while NAT's may have appeared to be the
cheaper solution initially, the total bill for the NAT "solution" has
yet to be totalled up.  

Interactions with IPSEC is just one such example of an additional cost
of NAT's.  (And let us be clear that it is a cost imposed by NAT's, not
by IPSEC, as it is the NAT boxes which broke a fundamental property of
the Internet architecture.)

						- Ted

[prev in list] [next in list] [prev in thread] [next in thread]