The other point that's been missed here is that the security-by-hiding argument is only part of the story. Stable address space for intermittently connected networks, unambiguous address space for VPNs, and stable identifiers for multihoming, are also needed. Whatever your religion on the hiding argument, these other needs have to be met, and are not met by PA prefixes.
Brian Hans Kruse wrote: > > I fear this discussion is headed in the wrong direction as far as the > decisions in this group. You are of course right that filtering (by > private or public addresses) at a border is not sufficient security. But > it DOES remove some unwanted traffic. Is this relevant to local addressing > -- probably not. However, I have become convinced that some form of local > addressing is required to allow network managers enough flexibility to > solve their design issues. I hope the WG can create these addresses, try > to insure that they won't break things (as SL apparently did), and move on. > > You mileage may (probably will) vary.... > > --On Monday, August 25, 2003 20:36 +0200 Leif Johansson <[EMAIL PROTECTED]> > wrote: > > > By contrast your private address space does not protect your network from > > an attack which violates the basic assumption that there is an inside and > > an outside. The added twist from [EMAIL PROTECTED] and friends is that you no > > longer have to be a network security geek to appreciate this fact. > > Hans Kruse, Associate Professor > J. Warren McClure School of Communication Systems Management > Adjunct Associate Professor of Electrical Engineering and Computer Science > Ohio University, Athens, OH, 45701 > 740-593-4891 voice, 740-593-4889 fax > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Brian E Carpenter Distinguished Engineer, Internet Standards & Technology, IBM NEW ADDRESS <[EMAIL PROTECTED]> PLEASE UPDATE ADDRESS BOOK -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
