[arin-ppml] Fairness of banning IPv4 allocations to somecategoryof organization

William Herrin bill at herrin.us
Sat Oct 24 17:38:50 EDT 2009


On Mon, Oct 12, 2009 at 10:58 AM, Randy Bush <randy at psg.com> wrote:
>> No, the historical fact is that we became alarmed by the address
>> consumption for http servers and made a value judgment as a community
>> that the address pool shouldn't support web server names in a 1:1
>> ratio to IP addresses.
>
> if i had been on the internet in those long-forgotten days, i might
> remember it quite differently

Randy,

Quite regardless of what you or I think we remember, Jay Sudowski
found and posted the actual results. I didn't realize that the board
had modified it further, but there it is: precedent in black and white
for declaring a particular use of IP addresses insufficient to
demonstrate need.


>> Https, for example, does not function properly without a different IP
>> address for each hostname because the SSL certificate for the server
>> name must be offered to the browser before the HTTP 1.1 server name is
>> transmitted by the browser.
>
> first, you mean apache, not https.  second, it does work.  been using it
> for years.  you have to be cert smart.


If I meant apache I'd have said apache. Why don't you worry more about
explaining what you mean than you do about explaining what I mean.

Your terse "cert smart" comment is naive at best. Sure there are some
10th percentile solutions down in the technical minutiae that can
share an address but together they don't add up an answer that works
for the most commonly needed setup: distinct keys for distinct web
sites with non-overlapping names, all on TCP port 443 of the same host
today.

RFC 3546's server_name extension to TLS covers this common case but
deployment is far from sufficiently ubiquitous to trust your
e-commerce server to it. Unless of course you live a charmed life in
the jet set where losing a customer or sales opportunity is more a
blow to your pride than your pocketbook.


Look, I'd prefer to see a market decide which uses of IPv4 addresses
are worthwhile and which are not. Markets are generally good at that
sort of thing. Nevertheless, the financial reality is that the IPv4
Internet won't stop growing just because the free pool runs out.
Prudence suggests that we should consider other ways to tear IP
addresses loose from low-value applications so that they can be
available for high-value applications. You know, just in case that
market thing doesn't pan out.

And the lowest of the low-value applications is any that can be
readily accomplished without consuming a public IP address.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004



More information about the ARIN-PPML mailing list