Updated NAT fixes

Steven Michaud smch at midway.uchicago.edu
Tue Apr 16 10:48:00 EDT 2002


I don't understand how this helps with NAT.  What gets put into the
"from-initiator" and "from-acceptor" fields?  Does the client have to
know what NAT address it's going to get?

On Mon, 15 Apr 2002, Nicolas Williams wrote:

> It's a two-valued HostAddress. The two values are "from-initiator" and
> "from-acceptor", essentially.
> 
> Its purpose is to be used in priv, safe and cred messages to prevent
> reflection replay attacks while at the same time ridding us of the need
> to use real HostAddresses in those messages. So the direction address
> type is another step to resolve the issues with NAT.
> 
> Nico
> 
> 
> On Mon, Apr 15, 2002 at 09:59:01AM -0500, Steven Michaud wrote:
> > > There's discussion within the IETF of adding
> > > a direction address type for the next version of the protocol and
> > > removing addresses completely from priv and safe for the following
> > > version.
> > 
> > What's a "direction address type"?  I did a Google search on that
> > phrase, but all I found was a bare mention of it in notes on one or
> > more IETF meetings (http://www.isi.edu/people/bcn/krb-revisions/).
> > 



