On Fri, Jul 20, 2012 at 11:58 AM, Henry Story <henry.st...@bblfish.net> wrote:
> Of course, but you seem to want to support hidden legacy systems, that is
> systems none of us know about or can see. It is still a worthwhile inquiry
> to find out how many systems there are for which this is a problem, if any.
> That is:
>
> a) systems that use non-standard internal IP addresses
> b) systems that use IP-address provenance for access control
> c) ? potentially other issues that we have not covered
>
> Systems with a) are going to be very rare it seems to me, and the question
> would be whether they can't really move over to standard internal IP
> addresses. Perhaps IPv6 makes that easy.
>
> It is not clear that anyone should bother with designs such as b) - that's
> bad practice anyway I would guess.

We know that systems which base their security at least in part on network topology (are you on a computer inside the DMZ?) are common (because it's easy).

~TJ