On May 3, 2010, at 09:00, Chris Engel wrote:
> 
> [...] Under RSIP (unless I understand it wrong) the PA address IS actually 
> bound on the end device itself and IS exposed to external sources [...]

Under RSIP, as with NAT, no private addresses are exposed to the external 
address realm, unless the private host does so at the application layer.  Yes, 
with RSIP, the public address is bound at the endpoint host instead of inside 
the NAT gateway.  Why this should make any kind of difference to you is a 
mystery to me-- I'll be polite and keep my speculations to myself.

> ... it's just that the duration of that assignment is limited. Furthermore, 
> in order to be practically useful, RSIP must have some sort of out-of-band 
> registry that largely obviates much of the obscurity it might otherwise 
> provide.

The RSIP protocol is intended to run over a secured private network.  No 
external hosts need be aware that you have deployed RSIP hosts and 
corresponding gateways.  Your internal network topology remains completely 
obscured unless your private hosts leak information--- which NAT cannot prevent 
them from leaking either.

> Finally, to the degree that it does provide a level of obscurity....it does 
> cause many of the same sort of side effects that NAT does.

Like what?  (And, from your point of view, are these side effects desirable or 
undesirable?) [*]

> On a more fundamental level, the goals of "transparency" and "end-to-end 
> reachability" that seem to be part of the guiding principles that the 
> designers of IPv6 built into their work are antithetical to the goals of many of 
> the people actually using the internet. Many people don't want their networks 
> to be perfectly "transparent"...they want them to be quite opaque in 
> fact....and they don't want their end devices (in general) to be perfectly 
> reachable. Unless that diversity of goals is recognized and accounted for...

You say, to the guy who's been editing I-D.ietf-v6ops-cpe-simple-security for 
the last three years.  Situation awareness FAIL.

> IPv6 is destined to remain the "New Coke" of its generation.

Is that what this is about?  You're afraid we're going to take your "Classic 
Coke" off the market?  As if we could do that?  As if *anybody* could do that?  
That's absurd.

----

[*] These questions seem actually On Topic for the NAT66 list.  I'm genuinely 
interested in seeing a response to them.  The rest of this message is an 
attempt to clear some misunderstandings about RSIP and my animating motivations 
here.


--
james woodyatt <[email protected]>
member of technical staff, communications engineering


_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
