Hello Fernando,
So it sounds reasonable to you that in an event every participant to have a public IPv4 address in times of IPv4 scarcity? That sounds more as a luxury in my view.
It's not a luxury, it's a necessity to facilitate basic and simple internet access for conference/event attendees. If network admins for these types of events deem it appropriate to utilise CGNAT or 464XLAT they are welcome to do so. This policy is designed to assist those who believe it more appropriate to assign public IP space to attendees.
It does not sound smart to whitelist an address in order to allow someone to work remotely.
It is far more insecure to whitelist a public IP address that sits in front of a NAT gateway which serves 100s of attendees.
This sounds so manual and archaic in times where there is little effort to have a VPN in place.
While some may find it easy to build an OpenVPN server as an example, to properly integrate it and implement may be a challenge. People may not have the technological skillset or expertise to deploy a secured VPN gateway into their networks for remote management and whitelisting a single public IP address may be in their view the most viable (and secure) option available.
Justifying that "not everyone is able to have a VPN" and may need to whitelist addresses sounds unreasonable and unrealistic, especially in an internet industry area.
I don't know what's unreasonable or unrealistic about people's inability to deploy, manage and operate VPN infrastructure. Not everyone has the technical ability or skillset to deploy such infrastructure. These types of events should have the ability to allow for a somewhat secure method of access, in this case through whitelisting public IP addresses allocated to a specific endpoint.
It is not necessary to ensure that all are able, but mostly are and it is reasonable to think that most people who have a decent IT department have VPN access in order to work remotely.
While it would be a reasonable assumption to believe that those who have larger networks would already have this infrastructure in place, one of the ideas to this proposal is to allow for all users to be able to access the internet and their own networks in whatever method they deem appropriate, not just those who have the infrastructure in place to support VPN access. While it is possible for an attendee to whitelist a public IP address that is used on a NAT gateway, from a network security perspective it's not smart or wise to do so for an address on a network that serves 100s of people.
Regards,
Christopher Hawker
_______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
