Pekka,
I believe RFC 2993 actually covers all the issues (including the one
of VPNs between RFC 1918 sites, especially in section 7.6).
Given how difficult it was to get that RFC published, I wonder if it
is worth the effort of writing what would efefctively be the same
document, but with an emphasis on ambiguity instead of translation.
Brian
Pekka Savola wrote:
>
> Hi,
>
> Regarding the local addressing debate...
>
> I had the misfortune to having to participate in a discussion where a
> multiple-branch (20-30+) enterprise, which has deployed private addresses
> and network-to-network VPN's inside it, wants to start using IPv6.
>
> I'm wondering whether there exist any educational material why
> RFC1918-like addressing is really *NOT* a good idea (or even, list and
> evaluate the tradeoffs), and how to get around it. ("If one can state
> clearly arguments why they shouldn't be doing it with IPv4, maybe it's
> easier to convince them not to do so with IPv6").
>
> It seems to me that there is a very severe need for a way to enlighten
> folks like that if we ever want to be successful..
>
> http://www.cs.utk.edu/~moore/what-nats-break.html is interesting, but not
> focused enough for RFC1918-like addressing itself.
>
> I.e., what I'd like to see is whether anyone has written up something
> regarding either "why local addressing would be a bad idea with IPv6", or
> "why local addressing is a bad idea with IPv4", especially from the
> security point-of-view.
>
> btw., one way to probably avoid the two-faced DNS issues with local
> addressing is probably to simply use a different naming for internal
> commuications like with example.com --> example.internal.
>
> --
> Pekka Savola "You each name yourselves king, yet the
> Netcore Oy kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> [EMAIL PROTECTED]
> Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
--
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Brian E Carpenter
Distinguished Engineer, Internet Standards & Technology, IBM
NEW ADDRESS <[EMAIL PROTECTED]> PLEASE UPDATE ADDRESS BOOK
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
