[arin-ppml] Draft Policy ARIN-2020-2: Grandfathering of Organizations Removed from Waitlist by Implementation of ARIN-2019-16
Owen DeLong
owen at delong.com
Tue Jan 19 17:19:03 EST 2021
> On Jan 17, 2021, at 12:00 PM, Chris Woodfield <chris at semihuman.com> wrote:
>
> Obviously this thread is going somewhat off-topic and my reply isn’t going to help matters - the idea that peer to peer is useless is a factor, but it’s more than that - it’s the fact that the vast majority of customers, service providers, and operators have come to view NAT and the use of private space as a form of security perimeter, and that allowing internal hosts/networks to be numbered from globally-routable space represents a security risk.
>
> You, I, and most of the people reading PPML know that mindset is completely fallacious, but it’s quite pervasive and takes quite a bit of education to disabuse otherwise quite savvy operators of this notion.
Yep… I’ve done a lot of that reeducation over the years. It amazes me the number of people who have trouble separating stateful inspection from NAT and just can’t wrap their heads around the idea that you can still do stateful inspection even if you don’t mutilate the packet header in the process.
> It’s interesting that a lot of IPv6 evangelism that I’ve seen over the years doesn’t address this concern - IMO we should be spending quite a bit of energy fighting that mindset.
I’ve tried as best I can to address it head on each and every time it comes up. I haven’t figured out a way to be proactive about addressing it that doesn’t come off as antagonistic, patronizing, or confrontational (sometimes I even hit all 3), so suggestions there are welcome.
In fact, I argue that lack of address transparency is contrary to good security because it breaks the continuity of audit trails and makes it harder to identify miscreants and compromised systems.
Owen
>
> -C
>
>> On Jan 15, 2021, at 11:39 PM, Owen DeLong <owen at delong.com> wrote:
>>
>> The biggest problem surrounding IPv4 is this idea that peer to peer is useless and we should all accept the idea of provider/supplicant and second class citizens.
>>
>