Operational challenges of no NAT

Matthew Ford ford at isoc.org
Thu Oct 28 12:13:16 CEST 2010

On 28 Oct 2010, at 11:06, Mark Blackman wrote:

> Ben Jencks wrote:
>> Wouldn't crypto, either HMAC or signatures, be a better assurance of
>> authorization? Sure, they can whitelist your /64, but that just serves
>> to keep the riff-raff out; the signature provides the actual identity
>> information.
>> For callbacks, they should be done with DNS names. That way you're
>> v4/v6 agnostic at the application layer, and you can renumber your
>> callback receiver at will.
>> I'm aware that in dealing with big providers they can have a pretty
>> hard-to-budge idea of how to do things. But if you're asking for the
>> "IPv6 way", I think crypto and DNS are the way to go.
> Is there some documented list of the usual requirements that NAT is used to satisfy and the corresponding IPv6 method to satisfy that requirement?

See http://tools.ietf.org/html/rfc4864


More information about the ipv6-ops mailing list