|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Spam Control Considered Harmful
Peter Galbavy <[email protected]> writes: While I agree that a good technical goal is to have a pair like (wonderland.demon.co.uk, www) map to the http daemon on Peter's box, and continuously push to make that a reality, the appropriate way of doing this is to consider the pair to be an endpoint address which maps to different numbers that change relative to time and topology. That is, with some enhancements to the DNS and deployment of evolving NAT technology, how Demon allocates addresses locally will be Demon's business, and what those addresses look like here likely will be different. (Ignoring the fact that it could be redirected to a cache --:) ) MOreover, if Peter changes his location in the Internet the numbers will be different again, but the pair above will continue to map to his http daemon. > Security based on IP address. Here I disagree, not only for the obvious reason that forgery is easy, but also because basing anything on IP address that does not involve looking back up through the DNS (which is also not yet safe) is incompatible with NAT. Addresses change over time and over space. > I reiterate. It is not a waste. What is a waste is people like > Interop having an entire class A, like PSInet having a class A, > like MIT ... fill in the blanks. They just got their first, but I > cannot see anyone rushing to return them. Right. I want to NAT them. Anything bounded by NATs can use whatever address allocation scheme it likes, even to the extent of using the same IP addresses in use elsewhere in the concatenated Internet. Sean.
|