<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=white lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I agree at a fundamental level that prefix doesn’t matter. And I
will always add block for that space at my edge. But it is just another tool
in the box.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I wan’t meaning that anyone should “rely” on the prefix for
security, I meant that it was another added layer to help protect you.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'> arin-ppml-bounces@arin.net
[mailto:arin-ppml-bounces@arin.net] <b>On Behalf Of </b>Eliot Lear<br>
<b>Sent:</b> Sunday, April 11, 2010 10:28 PM<br>
<b>To:</b> Owen DeLong<br>
<b>Cc:</b> arin-ppml@arin.net<br>
<b>Subject:</b> Re: [arin-ppml] ULA-C<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>As one of the authors of that document, much as I am no
great fan, I have to say that no matter how hard we try, we have great
difficulty convincing people that the prefix doesn't matter. And there is
some reason to believe that a well know prefix does matter, because it is easy
for administrators (either side of the demarc) to install filters on well known
prefixes, and at least some do.<br>
<br>
My big issue with all of this is that by the time you're done with a
registration service that might offer reverse DNS (is that what we're saying?),
those filters are really the only difference between ULA-C and PI; and the
actually necessity for them, as far as the SPs other customers are concerned,
is considerably lessened since the spaces don't overlap.<br>
<br>
Eliot<br>
<br>
On 4/12/10 7:18 AM, Owen DeLong wrote: <o:p></o:p></p>
<pre>Well said. Even RFC-1918 space can be routed across the global internet due to misconfiguration, so, I fail to see how that can possibly provide the protection described.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Admittedly, the number of misconfigurations increases in inverse proportion to topological proximity, but, nonetheless, lots of routing tables see RFC-1918 space on the global internet due to misconfiguration.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Why would ULA-C or any other "special" prefix be any different?<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Owen<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>On Apr 11, 2010, at 7:14 PM, joel jaeggli wrote:<o:p></o:p></pre><pre><o:p> </o:p></pre>
<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre>Oddly, I work for mondo-megacorp and I find it interesting that you're speaking for all entities that fit that category collectively. <o:p></o:p></pre><pre><o:p> </o:p></pre><pre>>From my vantage point ,the security posture associated with a particular prefix, service or network internal to our administrative domain is defined by requirements not by some intrinsic nature of the prefix.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>George Bonser <a
href="mailto:gbonser@seven.com"><gbonser@seven.com></a> wrote:<o:p></o:p></pre><pre><o:p> </o:p></pre>
<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre>
<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre>-----Original Message-----<o:p></o:p></pre><pre>From: joel jaeggli [<a
href="mailto:joelja@bogus.com">mailto:joelja@bogus.com</a>]<o:p></o:p></pre><pre>Sent: Sunday, April 11, 2010 6:37 PM<o:p></o:p></pre><pre>To: George Bonser; <a
href="mailto:mcr@sandelman.ca">mcr@sandelman.ca</a><o:p></o:p></pre><pre>Cc: <a
href="mailto:arin-ppml@arin.net">arin-ppml@arin.net</a><o:p></o:p></pre><pre>Subject: Re: [arin-ppml] ULA-C<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Mondo-megacorp will trivially have enough gua space to address it's<o:p></o:p></pre><pre>extranet and the cost of aquiring space is negible compared to cost of<o:p></o:p></pre><pre>deploying anything inside mondo-megacorp.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Joel<o:p></o:p></pre><pre><o:p> </o:p></pre></blockquote>
<pre><o:p> </o:p></pre><pre>Joel, you missed the point. The do not want their financial backend systems on globally routable address space.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>They do not want it to even be POSSIBLE that by some kind of misconfiguration, their systems could be reachable from the Internet. So they put it in address space that is impossible to be reached across the public Internet.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre></blockquote>
<pre>_______________________________________________<o:p></o:p></pre><pre>PPML<o:p></o:p></pre><pre>You are receiving this message because you are subscribed to<o:p></o:p></pre><pre>the ARIN Public Policy Mailing List (<a
href="mailto:ARIN-PPML@arin.net">ARIN-PPML@arin.net</a>).<o:p></o:p></pre><pre>Unsubscribe or manage your mailing list subscription at:<o:p></o:p></pre><pre><a
href="http://lists.arin.net/mailman/listinfo/arin-ppml">http://lists.arin.net/mailman/listinfo/arin-ppml</a><o:p></o:p></pre><pre>Please contact <a
href="mailto:info@arin.net">info@arin.net</a> if you experience any issues.<o:p></o:p></pre></blockquote>
<pre><o:p> </o:p></pre><pre>_______________________________________________<o:p></o:p></pre><pre>PPML<o:p></o:p></pre><pre>You are receiving this message because you are subscribed to<o:p></o:p></pre><pre>the ARIN Public Policy Mailing List (<a
href="mailto:ARIN-PPML@arin.net">ARIN-PPML@arin.net</a>).<o:p></o:p></pre><pre>Unsubscribe or manage your mailing list subscription at:<o:p></o:p></pre><pre><a
href="http://lists.arin.net/mailman/listinfo/arin-ppml">http://lists.arin.net/mailman/listinfo/arin-ppml</a><o:p></o:p></pre><pre>Please contact <a
href="mailto:info@arin.net">info@arin.net</a> if you experience any issues.<o:p></o:p></pre><pre><o:p> </o:p></pre>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</body>
</html>