On Wed, 29 Dec 2010 21:34:47 +0100 Matthias Leisi <matth...@leisi.net> wrote:

> It's not certain that ISPs will always allocate /64. Some may allocate
> /56 or something entirely different,

Bigger than /64 is no problem.

> and shared hosting providers may
> allocate smaller ranges to their customers (why not an individual IP
> to each customer?).

Because then your routing table gets insane.

> And so on: Regardless of allocation policy, a protocol must support
> varying netmask lengths. Specifying "/64 only" or "/128 only" is not
> going to work.

Limiting the granularity of a whitelist to a /64 seems pretty reasonable to me. And if you're on a network where some hosts in the /64 are good and some are bad... then tough luck; you don't get whitelisted. Pick a provider with a sane allocation policy. :)

> For dnswl.org, I see situations where we will use an
> ISP-provided-to-an-enduser range (/64 or whatever), and others where
> we will have smaller ranges (down to /128s, and possibly something in
> between /64 and /128).

If dnswl.org and others announced that (1) they would whitelist only to the granularity of a /64 and (2) any providers that put different customers in the same /64 would be ineligible for whitelisting, economics would quickly move providers to allocating at least a /64 to each customer.

http://tools.ietf.org/html/rfc3177 allows for assignment of a /128, but only under quite restricted circumstances. See "3. Address Delegation Recommendations" in that RFC. (Yes, it's only informational, but it should still carry a fair amount of weight.)

Regards,
David.
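The two positions in the exchange above (a whitelist that honours arbitrary prefix lengths versus one fixed at /64 granularity) are easy to compare in code. The following is an added example, not code from this thread or from dnswl.org; the prefixes and addresses are constructed values from the 2001:db8::/32 documentation range, and the function names are the author's own.

```python
"""Two ways to key an IPv6 sender whitelist (added example, not from the
thread or from dnswl.org).  All prefixes and addresses are constructed
documentation-range values, not real whitelist data."""
import ipaddress
from typing import Iterable, List, Optional

# Constructed sample whitelist with mixed prefix lengths, as Matthias
# describes: an ISP-sized /56, an end-user /64, and a single-host /128.
SAMPLE_WHITELIST = [
    "2001:db8:1::/56",
    "2001:db8:2:abcd::/64",
    "2001:db8:3::1/128",
]


def longest_prefix_match(addr: str, prefixes: Iterable[str]) -> Optional[str]:
    """Return the most specific whitelisted prefix containing addr, or None.

    This honours any prefix length, which is what Matthias argues a
    protocol must do.  A linear scan is fine for a demo; a production
    list would sit in a radix tree or behind DNS lookups."""
    ip = ipaddress.ip_address(addr)
    best = None
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=False)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best.prefixlen:
                best = net
    return str(best) if best is not None else None


def to_slash64(addr: str) -> str:
    """Collapse an IPv6 address to the /64 it belongs to.  Under David's
    proposal this is the only key a whitelist query ever uses."""
    ip = ipaddress.IPv6Address(addr)
    return str(ipaddress.IPv6Network((ip, 64), strict=False))


def load_slash64_whitelist(prefixes: Iterable[str]) -> List[ipaddress.IPv6Network]:
    """Load entries under the /64-granularity policy: anything finer than
    /64 is refused at load time, so two hosts sharing a /64 can never get
    different answers (rule 2 in David's reply)."""
    nets = []
    for p in prefixes:
        net = ipaddress.IPv6Network(p, strict=False)
        if net.prefixlen > 64:
            raise ValueError(f"{p}: finer than /64 is not accepted")
        nets.append(net)
    return nets


def is_whitelisted_slash64(addr: str, nets: List[ipaddress.IPv6Network]) -> bool:
    """Query by the sender's /64 block rather than by the exact address."""
    block = ipaddress.IPv6Network(to_slash64(addr))
    return any(block.subnet_of(net) for net in nets)


if __name__ == "__main__":
    print(longest_prefix_match("2001:db8:3::1", SAMPLE_WHITELIST))
    print(to_slash64("2001:db8:2:abcd:1:2:3:4"))
    nets = load_slash64_whitelist(SAMPLE_WHITELIST[:2])
    print(is_whitelisted_slash64("2001:db8:1:7::9", nets))
```

The first lookup accepts the /128 entry and returns it as the best match; the /64-granularity loader refuses that same entry, which is exactly the trade-off the two mails are arguing about: simpler keys and no per-host exceptions versus support for whatever the provider happened to allocate.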