EricLKlein wrote:
>
> Andrew White wrote
> > The problem with these people's arguments is that it's not the address
> range
> > that gives the security, it's the fact that you have an isolated network
> > connected to the global network via only a proxy (NAT) and firewall.
> >
> > You can use any address range you like inside the NAT. However, if you
> > don't use a 'private' range you're running two risks:
> >
> > - masking a portion of the global internet
> > - leaking addresses that look real but are actually invalid rather than
> > obviously invalid ones.
>
> This is exactly why some of us have been trying to prevent the depriciation
> of local ("private") address.
And it is why those of us unwilling to accept the major operational problems
of *ambiguous* private addresses are trying to provide an unambiguous replacement.
>
> >
> > The advantage of a local/private address range is that you can create one
> > for whatever local use you need without needing to obtain space through a
> > registration authority. The advantage of 'approximately unique' local
> > addresses (in the style of the Hinden/Haberman draft) is that you get
> > addresses with all the benefits of private address AND they're not likely
> to
> > conflict if you merge.
> >
>
> This would work, and would be acceptiable to most people if there was a
> simple rule that worked, and would continue to work as the network grows. My
> concern is that an 'approximately unique' local address could at some point
> become less than unique and could cause routing problems when the address is
> eventually assigned.
You don't seem to have read the Hinden/Haberman draft closely. The plan is that
there will be a central registry for people with this concern.
> I mean, how many companies would use this
> 'approximately unique' local address option and thus "claim" portions of the
> network,
They aren't claiming any such thing. They own their internal networks and
this is just a quick way for them to make them useable without the overhead
of going to a registry. And I would expect every dentist's office to use this
mechanism.
> while the registreies are assigning addresses? Eventually there
> will be legimate asigned users to some of these 'approximately unique' local
> addresses
No there won't. The Hinden/Haberman proposal makes this entirely clear. There
is no overlap between registry-assigned addresses and locally-asssigned ones.
> and this will cause problems later.
No it won't, because it isn't true.
Brian
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
