Pekka,
The document came out of the IAB, while the NAT WG was active, so there was a
lot of diplomacy between the IAB, the IESG, and the NAT WG chairs, to get to
a version of the document that everybody was happy with. Since we don't have
a NAT WG today, that side of it might be easier, but it can very easily become
a religious war.
Brian
Pekka Savola wrote:
>
> Hi,
>
> On Mon, 15 Sep 2003, Brian E Carpenter wrote:
> > I believe RFC 2993 actually covers all the issues (including the one
> > of VPNs between RFC 1918 sites, especially in section 7.6).
>
> Thanks for the pointer. Yes, RFC 2993 seems to cover many aspects which
> seem surprisingly familiar ;-), but I'm not sure if it answers questions
> like: "I want to use NAT or RFC1918 for purpose X. Why shouldn't I do
> it? (Why might I want to do it anyway?) What other feasible ways are
> there to do it without such mechanisms?"
>
> In other words, the document seems to cover the scenarios using a broad
> overview -- it may not be applicable to the most common cases of
> deployment.
>
> But then again, I'll have to go read the RFC in detail.
>
> > Given how difficult it was to get that RFC published, I wonder if it
> > is worth the effort of writing what would effectively be the same
> > document, but with an emphasis on ambiguity instead of translation.
>
> I can certainly envision how this could turn ugly. Could you elaborate a
> bit on the difficulties that came across?
>
> Pekka
>
> > Pekka Savola wrote:
> > >
> > > Hi,
> > >
> > > Regarding the local addressing debate...
> > >
> > > I had the misfortune of having to participate in a discussion where a
> > > multiple-branch (20-30+) enterprise, which has deployed private addresses
> > > and network-to-network VPNs inside it, wants to start using IPv6.
> > >
> > > I'm wondering whether there exist any educational material why
> > > RFC1918-like addressing is really *NOT* a good idea (or even, list and
> > > evaluate the tradeoffs), and how to get around it. ("If one can state
> > > clearly arguments why they shouldn't be doing it with IPv4, maybe it's
> > > easier to convince them not to do so with IPv6").
> > >
> > > It seems to me that there is a very severe need for a way to enlighten
> > > folks like that if we ever want to be successful..
> > >
> > > http://www.cs.utk.edu/~moore/what-nats-break.html is interesting, but not
> > > focused enough for RFC1918-like addressing itself.
> > >
> > > I.e., what I'd like to see is whether anyone has written up something
> > > regarding either "why local addressing would be a bad idea with IPv6", or
> > > "why local addressing is a bad idea with IPv4", especially from the
> > > security point-of-view.
> > >
> > > btw., one way to probably avoid the two-faced DNS issues with local
> > > addressing is probably to simply use a different naming for internal
> > > communications like with example.com --> example.internal.
> > >
> > > --
> > > Pekka Savola "You each name yourselves king, yet the
> > > Netcore Oy kingdom bleeds."
> > > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> > >
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > [EMAIL PROTECTED]
> > > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
> > > --------------------------------------------------------------------
> >
> >
>
> --
> Pekka Savola "You each name yourselves king, yet the
> Netcore Oy kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>
--
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Brian E Carpenter
Distinguished Engineer, Internet Standards & Technology, IBM
NEW ADDRESS <[EMAIL PROTECTED]> PLEASE UPDATE ADDRESS BOOK