Daniel Senie <[EMAIL PROTECTED]> writes:

> I just read this new I-D, and am not sure it's a "good thing." My
> concern centers around the draft's assumption that there are two types
> of environments, public and private, and that it is easy to tell the
> difference. I worry that with the increased use of policy routing,
> IPSec and such, we might well find cases where the degree of
> "publicness" or "privateness" of information is highly dependent on
> where a particular station is on the Internet, and what its
> authorizations are.
>
> I could imagine, for example, a user authorized to use a mail
> exchanger which is within the protected realm of a company (yet has a
> public address which responds only if the remote requests are using
> IPSec). Should that user be able to find the address of that machine?

As a data point for this discussion, consider "mirror.aarnet.edu.au" -- it is a large FTP mirror site, available within Australia only. Should the IP address of the host be published in DNS or not? Is it a "public" or "private" host? (Luckily, the MX's are available outside of Australia though.)

Maybe one way forward for the draft would be to only "forbid" officially reserved addresses such as 127/8 or 10/8. But this seems to severely limit (my perceived) goal of the draft, so it might not be what you want. I also doubt that anyone who used those addresses in DNS would care about a BCP saying that they shouldn't.
