= Сообщение: 5825 из 7402 ============================================= IPV6 = От : Victor Sudakov 2:5005/49 27 Jan 19 18:33:50 Кому : Tony Langdon 27 Jan 19 18:33:50 Тема : NAT FGHI : area://IPV6?msgid=2:5005/49+5c4d9890 На : area://IPV6?msgid=967.fido-ipv6@3:633/410+20b2c31c = Кодировка сообщения определена как: CP866 ================================== ============================================================================== Dear Tony,
27 Jan 19 20:11, you wrote to me:
VS>> It was not intended as a security mechanism initially, but over VS>> time, it became one, and is required by many security guidelines. VS>> Ask some computer security specialist you trust, if you don't VS>> believe me.
TL> Well, having compared notes, I am wary of anyone who calls themselves TL> a "specialist" without personal knowledge and trust of the person. :) TL> I've certainly heard a lot of dodgy stories about so-called TL> "specialists" in networking from a very trusted source over the years.
Not all IT security specialists are competent, that is true and can be said about any specialists. But the requirement of using private IP address space has made it into too many security guidelines. A Mr. Mordac can be competent or incompetent, but he has checklists to follow.
VS>> Of course it does more! No packet filter *hides* *src* VS>> *addresses* of your internal hosts, and that is exactly what VS>> security people love NAT for.
TL> True, but IPv6 has mechanisms for source IP privacy without NAT.
Unfortunately, those mechanisms don't provide privacy of your /64 nets, i.e. the nets still remain mappable.