[LINK] There goes the neighbourhood...

Karl Auer kauer at biplane.com.au
Wed May 11 23:38:52 AEST 2011


On Wed, 2011-05-11 at 23:12 +1000, Kim Holburn wrote:
> Maybe crypto was the original reason for this.  Using IP address as a
> crypto key is probably not such a great idea and doesn't work so well
> in an environment where many clients are in a private address space.  

Keys? It's not about using the IP addresses as keys, it's about
protecting the integrity, confidentiality or authority of the addresses
involved. NAT, by changing the source address from the destination's
point of view (and vice versa), breaks that.

> I'd have to disagree there.  I don't think that the network guarantees
> that the IP addresses in headers are going to stay the same from
> source to destination and so stay the same as any copies of such in
> the data.  

What can I say? "You're wrong" doesn't do the above statement justice.

That is exactly and precisely what the network is supposed to guarantee.
It is the very bone and marrow of the function of the network, and
anything that breaks it is a Bad Thing. Do you think the people who
invented the Internet and went on to implement (say) FTP just got it
wrong?!?

> I thought that the application layer was a separate layer and should
> leave IP layer details to the IP layer.  Probably not an absolute rule
> but a reasonable principle.  If there is a good reason for doing this
> at the application layer then fine but if not, what's the point?

The application layer has nothing to do with it. ALL layers occasionally
have need to be self-referential.

Regards, K.
 
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156