owen at delong.com
Mon Apr 12 01:18:07 EDT 2010
Well said. Even RFC-1918 space can be routed across the global internet due to misconfiguration, so, I fail to see how that can possibly provide the protection described.
Admittedly, the number of misconfigurations increases in inverse proportion to topological proximity, but, nonetheless, lots of routing tables see RFC-1918 space on the global internet due to misconfiguration.
Why would ULA-C or any other "special" prefix be any different?
On Apr 11, 2010, at 7:14 PM, joel jaeggli wrote:
> Oddly, I work for mondo-megacorp and I find it interesting that you're speaking for all entities that fit that category collectively.
> From my vantage point ,the security posture associated with a particular prefix, service or network internal to our administrative domain is defined by requirements not by some intrinsic nature of the prefix.
> George Bonser <gbonser at seven.com> wrote:
>>> -----Original Message-----
>>> From: joel jaeggli [mailto:joelja at bogus.com]
>>> Sent: Sunday, April 11, 2010 6:37 PM
>>> To: George Bonser; mcr at sandelman.ca
>>> Cc: arin-ppml at arin.net
>>> Subject: Re: [arin-ppml] ULA-C
>>> Mondo-megacorp will trivially have enough gua space to address it's
>>> extranet and the cost of aquiring space is negible compared to cost of
>>> deploying anything inside mondo-megacorp.
>> Joel, you missed the point. The do not want their financial backend systems on globally routable address space.
>> They do not want it to even be POSSIBLE that by some kind of misconfiguration, their systems could be reachable from the Internet. So they put it in address space that is impossible to be reached across the public Internet.
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> Please contact info at arin.net if you experience any issues.
More information about the ARIN-PPML