ARIN-PPML Message

Anonymity...is it justification???

On 2002-08-08 15:43:05 -0700, Jill Kulpinski wrote:
> 
> > So, is the requirement from a business perspective to mask one's
> > address through IP randomization of different forms appropriate to
> > accept?  I am having a hard time knowing where to draw the line at
> > saying 'nope...not good justification'.  I get the response from
> > Prospects that they can not do business without being able to appear
> > anonymous and I do not necessarily feel okay with then telling them
> > good-bye or recommending a different business.  We have been working
> > to come up with alternative options for these Customers, but then it
> > gets to the point of almost designing their network architecture and
> > systems which was not the aim.  Does the community have any
> > suggestions on technology available that can provide anonymity
> > without using a mass amount or dis-contiguous addresses?  What are
> > the thoughts regarding this idea for justification of address space?
> > Is there an ARIN policy that applies at this time?  If not, do we
> > need to develop one?

The ethical implications of bypassing the ability of people to put "no
solicitor" signs on their doors aside, I think doing this via network
allocations has two problems:

1. You're going to totally hose the routing table.  Reducing the
   Internet into /24's is bad enough, I shudder to think of shifting to
   /28's!

2. It's a hack, and doesn't *really* do what people want.  It will
   require sysadmins and network administrators be more sophisticated in
   their analysis, better tools, and so on.  But in the end the
   information is still public, in the ARIN (or RIPE or APNIC) database.

There was a talk at the Ottawa Linux Symposium on IP Anonymity, even
with some software:

http://www.zabbo.net/cebolla/

The idea here is to create a mesh of IP tunnels, using peer-to-peer
techniques.  If a largish ISP with non-contiguous space allocations, or
a small group of ISP's, were to set this up as a service for their
customers, I think that would be a better long-term solution.  It
wouldn't hose the routing table, and would be very, very difficult
indeed to determine the "real" origin of a packet.

-- 
Shane
Carpe Privacy