EricLKlein wrote:
> > Andrew White wrote
> > The problem with these people's arguments is that it's not the address range
> > that gives the security, it's the fact that you have an isolated network
> > connected to the global network via only a proxy (NAT) and firewall.
> >
> > You can use any address range you like inside the NAT. However, if you
> > don't use a 'private' range you're running two risks:
> >
> > - masking a portion of the global internet
> > - leaking addresses that look real but are actually invalid rather than
> >   obviously invalid ones.
>
> This is exactly why some of us have been trying to prevent the deprecation
> of local ("private") address.

And it is why those of us unwilling to accept the major operational problems
of *ambiguous* private addresses are trying to provide an unambiguous
replacement.

> > The advantage of a local/private address range is that you can create one
> > for whatever local use you need without needing to obtain space through a
> > registration authority. The advantage of 'approximately unique' local
> > addresses (in the style of the Hinden/Haberman draft) is that you get
> > addresses with all the benefits of private address AND they're not likely to
> > conflict if you merge.
>
> This would work, and would be acceptable to most people if there was a
> simple rule that worked, and would continue to work as the network grows. My
> concern is that an 'approximately unique' local address could at some point
> become less than unique and could cause routing problems when the address is
> eventually assigned.

You don't seem to have read the Hinden/Haberman draft closely. The plan is
that there will be a central registry for people with this concern.

> I mean, how many companies would use this
> 'approximately unique' local address option and thus "claim" portions of the
> network,

They aren't claiming any such thing. They own their internal networks and
this is just a quick way for them to make them useable without the overhead
of going to a registry. And I would expect every dentist's office to use
this mechanism.

> while the registries are assigning addresses? Eventually there
> will be legitimate assigned users to some of these 'approximately unique' local
> addresses

No there won't. The Hinden/Haberman proposal makes this entirely clear.
There is no overlap between registry-assigned addresses and locally-assigned
ones.

> and this will cause problems later.

No it won't, because it isn't true.

   Brian

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------