From: David R Conrad <davidc@iij.ad.jp>
Yeah, there are 2^32 bits of address space, after all.
There are? I always thought there were 32 bits of address space, not 2^32, and the code that I wrote even worked... :)
After all, if we all do our jobs right, maybe someday we can make the firewalls go away....
If we all do our jobs right, it won't matter if someone uses 1597 space. Firewalls will never go away -- they're too useful.
Firewalls are a kludge; they're necessitated only by the lack of strong authentication in the stack. I daresay that if the current level of threat continues to escalate (to quote a friend, "it's a bad neighborhood out there"), I foresee that the need for Joe Everyman to run a firewall will diminish or disappear, and sooner - not later.

Now, I won't dispute that there will be some places where either because of legacy systems in house or paranoia they continue to run a firewall. But the 95% solution will be in place, and if they previously chose to use 1597-style addresses, the 95% of the world who decided they didn't need firewalls anymore because of strong authentication will be forced to renumber.

I am more than willing to admit that 1597 has its uses, and people who find rfcs 1597 and 1627 on their own, read them, and figure out whether they want to bear the risks and consequences should feel free to use the addresses. That *doesn't* mean, however, that it should be promoted or upgraded from "informational" to "recommended", and I no longer recommend it to "casual" IP users.

The concept of globally unique addressing is simply far too powerful and far too useful for us to summarily and without further thought assert that firewalls are a fact of life that will be with us forever.

---Rob