RE: Why Scopes? (was: Re: [saad] About saad)

Melinda,


> Melinda Shore wrote:
> I've talked to a very large number of people about this
> (or rather why they use NATs, which is a slightly
> different question),

Indeed.

> and the most common reasons are:
> 1) don't want to buy more addresses
> 2) simplification of network management/renumbering
> 3) security/firewalling/unreachability

Yes. I just posted a more detailed analysis along the same lines.


> The reality is that some large number of users, including
> some users who consider themselves relatively expert
> (network administrators, etc.) don't want their hosts to
> be reachable by default but they do want them to be able
> to initiate connections themselves. I'm not sure there's
> a good answer to this question, since the users' wishes
> are incompatible with the IETF's working assumptions
> about reachability.

IMHO the answer to this is a firewall, not scoping. I just raised this
question: should scoping provide firewall features or not? IMHO no
because these are two different issues.

Since we don't want NATv6, the requirement that hosts should be able to
access the outside implies that their scope must be compatible with
doing so. If these hosts must be protected from the outside when they
are not initiating the connection, this function shall be provided by a
firewall.

Yes, firewalls are a PITA because they build hard state, and hard state
is evil and distributed hard state is worse, but I don't think this is a
topic for this list.

Michel.


_______________________________________________
Saad mailing list
Saad@ietf.org
https://www1.ietf.org/mailman/listinfo/saad
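The policy argued for above, hosts may initiate connections outward but are unreachable by default, is what a stateful packet filter implements, and the cost Michel points at is the per-flow state it has to build and expire. The simulation below is an added example, not code from the thread or from any IETF work: it models a minimal outbound-only filter for an IPv6 site, with a constructed site prefix, constructed addresses and an assumed idle timeout, and walks a short constructed packet trace to show which packets are accepted, which are dropped, and when the state goes away.

```python
"""Stateful "outbound only" filter, simulated.

Added example (not from the mailing-list thread): models the firewall
behaviour the email argues for, hosts may open connections to the outside
but are unreachable by default, and makes visible the per-flow state such a
filter must keep and expire. Prefix, addresses and timeout are constructed.
"""
from dataclasses import dataclass

INSIDE_PREFIX = "2001:db8:1::"   # constructed: the protected site's prefix
IDLE_TIMEOUT = 60.0              # assumed: seconds before an idle flow is forgotten


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # TCP SYN without ACK: a new connection attempt
    fin: bool = False   # FIN or RST: the flow is being torn down


def is_inside(addr: str) -> bool:
    return addr.startswith(INSIDE_PREFIX)


class StatefulFilter:
    """Keeps one entry per outbound flow; inbound traffic must match one."""

    def __init__(self, idle_timeout: float = IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.flows: dict[tuple, float] = {}   # flow key -> time last seen

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        # Normalise both directions of a flow to one key:
        # (inside addr, inside port, outside addr, outside port)
        if is_inside(pkt.src):
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def expire(self, now: float) -> int:
        """Forget idle entries; returns how many were removed."""
        stale = [k for k, seen in self.flows.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.flows[k]
        return len(stale)

    def decide(self, pkt: Packet, now: float) -> str:
        """Returns 'accept' or 'drop' for one packet and updates flow state."""
        self.expire(now)
        key = self._key(pkt)
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            # Outbound: always allowed; this is where the hard state is created.
            if pkt.fin:
                self.flows.pop(key, None)
            else:
                self.flows[key] = now
            return "accept"
        if not is_inside(pkt.src) and is_inside(pkt.dst):
            # Inbound: only if an inside host opened this exact flow first,
            # and never for a fresh SYN, which would be a new inbound attempt.
            if key in self.flows and not pkt.syn:
                if pkt.fin:
                    del self.flows[key]
                else:
                    self.flows[key] = now
                return "accept"
            return "drop"
        # Inside-to-inside or outside-to-outside traffic is not this filter's job.
        return "accept"


def demo() -> list[str]:
    """Walk a short constructed trace; returns the verdicts in order."""
    fw = StatefulFilter(idle_timeout=60.0)
    host, server, stranger = "2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:ffff::99"
    trace = [
        (0.0,   Packet(stranger, host, 40000, 22, syn=True)),   # unsolicited inbound SYN
        (1.0,   Packet(host, server, 50000, 443, syn=True)),    # inside host opens a flow
        (1.1,   Packet(server, host, 443, 50000)),             # reply matches that flow
        (2.0,   Packet(stranger, host, 443, 50000)),           # same ports, wrong peer
        (100.0, Packet(server, host, 443, 50000)),             # flow expired while idle
    ]
    return [fw.decide(pkt, t) for t, pkt in trace]


if __name__ == "__main__":
    for step, verdict in enumerate(demo(), start=1):
        print(step, verdict)
```

The trace makes the thread's two points concrete: the unsolicited inbound SYN and the packet from the wrong peer are dropped without any host-side configuration, while the reply to the host's own connection is accepted; and the last packet is dropped only because the filter's state timed out, which is exactly the kind of distributed hard state that has to be sized, synchronised and expired in a real deployment.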