Andrew White wrote
> The problem with these people's arguments is that it's not the address range
> that gives the security, it's the fact that you have an isolated network
> connected to the global network via only a proxy (NAT) and firewall.
>
> You can use any address range you like inside the NAT.  However, if you
> don't use a 'private' range you're running two risks:
>
> - masking a portion of the global internet
> - leaking addresses that look real but are actually invalid rather than
> obviously invalid ones.

This is exactly why some of us have been trying to prevent the deprecation
of local ("private") addresses.

>
> The advantage of a local/private address range is that you can create one
> for whatever local use you need without needing to obtain space through a
> registration authority.  The advantage of 'approximately unique' local
> addresses (in the style of the Hinden/Haberman draft) is that you get
> addresses with all the benefits of private address AND they're not likely to
> conflict if you merge.
>

This would work, and would be acceptable to most people if there was a
simple rule that worked, and would continue to work as the network grows. My
concern is that an 'approximately unique' local address could at some point
become less than unique and could cause routing problems when the address is
eventually assigned. I mean, how many companies would use this
'approximately unique' local address option and thus "claim" portions of the
network, while the registries are assigning addresses? Eventually there
will be legitimate assigned users to some of these 'approximately unique' local
addresses and this will cause problems later.

Eric


--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
