Updated NAT fixes
smch at midway.uchicago.edu
Tue Apr 16 10:48:00 EDT 2002
I don't understand how this helps with NAT. What gets put into the
"from-initiator" and "from-acceptor" fields? Does the client have to
know what NAT address it's going to get?
On Mon, 15 Apr 2002, Nicolas Williams wrote:
> It's a two-valued HostAddress. The two values are "from-initiator" and
> "from-acceptor", essentially.
> Its purpose is to be used in priv, safe and cred messages to prevent
> reflection replay attacks while at the same time ridding us of the need
> to use real HostAddresses in those messages. So the direction address
> type is another step to resolve the issues with NAT.
> On Mon, Apr 15, 2002 at 09:59:01AM -0500, Steven Michaud wrote:
> > > There's discussion within the IETF of adding
> > > a direction address type for the next version of the protocol and
> > > removing addresses completely from priv and safe for the following
> > > version.
> > What's a "direction address type"? I did a Google search on that
> > phrase, but all I found was a bare mention of it in notes on one or
> > more IETF meetings (http://www.isi.edu/people/bcn/krb-revisions/).
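
The direction idea discussed in this thread, as an added example that is not part of the original messages and not Kerberos code: a toy integrity-protected message carries a direction value instead of a host address, so the receiver can reject its own messages reflected back at it without knowing any NAT-assigned address. The values 0 and 1, the message layout, and the use of HMAC-SHA256 in place of a Kerberos checksum are assumptions for illustration.

```python
import hashlib
import hmac
import struct

# Assumed direction values for this sketch (not taken from the thread).
FROM_INITIATOR = 0
FROM_ACCEPTOR = 1
MAC_LEN = 32  # HMAC-SHA256 stands in for the real Kerberos checksum


def seal(session_key, direction, seq, payload):
    """Build header || payload || MAC. No transport address is covered."""
    header = struct.pack("!II", direction, seq)
    mac = hmac.new(session_key, header + payload, hashlib.sha256).digest()
    return header + payload + mac


def unseal(session_key, my_direction, expected_seq, message, check_direction=True):
    """Verify a message. With check_direction, refuse our own direction value."""
    if len(message) < 8 + MAC_LEN:
        raise ValueError("truncated message")
    header, payload, mac = message[:8], message[8:-MAC_LEN], message[-MAC_LEN:]
    good = hmac.new(session_key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, good):
        raise ValueError("bad MAC")
    direction, seq = struct.unpack("!II", header)
    if check_direction and direction == my_direction:
        raise ValueError("reflected message")
    if seq != expected_seq:
        raise ValueError("unexpected sequence number")
    return payload


def demo():
    key = b"constructed-session-key-for-demo"  # constructed sample key
    msg = seal(key, FROM_INITIATOR, 1, b"transfer 10")
    # The acceptor verifies the message whatever source IP a NAT put on the
    # packet, because only the direction value is under the MAC.
    accepted = unseal(key, FROM_ACCEPTOR, 1, msg)
    # The same bytes bounced back to the initiator, which expects seq 1 from
    # the acceptor: without the direction check the valid MAC lets it through.
    unchecked = unseal(key, FROM_INITIATOR, 1, msg, check_direction=False)
    try:
        unseal(key, FROM_INITIATOR, 1, msg)
        checked = "accepted"
    except ValueError as exc:
        checked = str(exc)
    return accepted, unchecked, checked


if __name__ == "__main__":
    print(demo())
```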