[arin-ppml] An article of interest to the community....

[Chris Engel]

> 
> 
> 
> >When STLS was being developed, the AC was very careful to specify that
> >merely listing resources for sale on STLS or through another medium was
> >not in itself to subject a resource holder to a section 12 review or any
> >procedure for revocation. Neither, however, was such listing intended to
> >provide a safe harbor against ARIN proceeding with any such action
> >based on other independent data or investigation.
> 
> >In other words, while we don't want listing your addresses to flag you for
> >an audit, we also don't want to create a situation where merely listing
> >addresses gives you an exemption from policy.
> 
> >Owen
> 
> 
> Hi Owen,
> 
> In the real world, the real corporate world at least, the idea of every
> workstation having a real public IP address went away more than a decade
> ago
> for the most part.
> Same thing in the residential world.
> In fact, my guess is that you would only see such profligate use of IP
> addresses in public or academic environments.
> 

I can't speak for the residential or academic world but in the corporate world this rings true to my experience. We do business with alot of Fortune 1000's and a fair number of them put you through a security review/audit in order to qualify you as a vendor. Almost every one I've been through has a control to the effect of "Your company must utilize NAT & RFC1918 space" .  If you don't do that, you fail the control and possibly the audit. Whether you agree with it or not, it IS an accepted standard in enterprise security these days.

Chris Engel