On 20 Jul 2012, at 21:02, Tab Atkins Jr. wrote:

> On Fri, Jul 20, 2012 at 11:58 AM, Henry Story <henry.st...@bblfish.net> wrote:
>> Of course, but you seem to want to support hidden legacy systems, that is
>> systems none of us know about or can see. It is still a worthwhile inquiry
>> to find out how many systems there are for which this is a problem, if any.
>> That is:
>>
>> a) systems that use non-standard internal IP addresses
>> b) systems that use IP-address provenance for access control
>> c) ? potentially other issues that we have not covered
>>
>> Systems with a) are going to be very rare it seems to me, and the question
>> would be whether they can't really move over to standard internal IP
>> addresses. Perhaps IPv6 makes that easy.
>>
>> It is not clear that anyone should bother with designs such as b) - that's
>> bad practice anyway I would guess.
>
> We know that systems which base their security at least in part on
> network topology (are you on a computer inside the DMZ?) are common
> (because it's easy).

How many of those would use IP addresses that are not standard private IP addresses? (Because if they do, then they would not be affected.) Of those that do not, would IPv6 offer them a scheme where they could easily use standard private IP addresses?

>
> ~TJ

Social Web Architect
http://bblfish.net/