> > Leif Johansson wrote:
> > The added protection you get from a private address space
> > isn't worth the bits the configuration is stored in.
>
> Exactly the same as saying that car locks are not worth having because
> they're so easy to open that they don't stop anybody.

nope. he didn't say that perimeter security was useless, he said that using private addressing as a mechanism to enforce perimeter security was useless.

- you can accomplish the same thing with global address space and an ACL or other configuration
- if private addresses are routable at all (and there are good reasons to make them so) then you need explicit configuration even to block private addresses, so they don't save you anything
- given that you really need filters within your network more than at the perimeter, even if you could save that one bit of configuration needed at the perimeter, it wouldn't save you from having to configure the filters within your network - and it's more important to get those right anyway.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
