Right, but since each border router off of the public Internet can't advertise anything smaller than /24 (would *your* router accept an advertisement for 3.0.0.0/27?), each separate office needs at least a /24. Yeah, NAT can take care of the internal addressing, but you're still stuck with the fact that you "only" can have 256 separate border routers.
Well, figure that there is going to be some level of proxy service going on for those who do access web pages and whatnot, so it's unlikely that there would be less than a class C used at each location in actuality. Plus, figure that the only thing that needs to be visible is the /30 allocated from the upstream for the link; technically, there doesn't need to be *any* public addresses in an office.
Not to discount valid use of addresses, simply pointing out that if one wanted to restrict themselves, it's quite possible. I doubt anyone would want to put themselves through this in the real game, but...
I think this still has operational content, because justifying address space is a reasonably day-to-day real-world requirement. Perhaps PAGAN might be more appropriate, but it seems to have gone into intergalactic space. We have been making an assumption about being able to hold address space behind address-translating gateways, be they full firewalls or NAT boxes. At the IETF NAT meeting this month, Bob Moskowitz, among others, pointed out this assumption runs counter to trends in large enterprises to use end-to-end encrypted tunnels. If the firewall, etc., is not trusted with the cryptosystem, then it can't do address translation involving such things as TCP checksums. Widespread deployment of IPsec, as I understand it, is likely to increase greatly the need for public address space.
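The TCP checksum point in the last message, as an added example that is not part of the original thread: the checksum covers a pseudo-header containing the IP addresses, so a translator must rewrite it, which it can only do when the TCP header is readable. The addresses and ports are constructed, and encryption is modeled simply as the gateway being unable to touch the segment bytes (no real cipher is used).

```python
import ipaddress
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """TCP pseudo-header: source, destination, zero, protocol 6, TCP length."""
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, tcp_len))

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum over pseudo-header plus segment with its checksum field zeroed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ~ones_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF

def build_segment(src, dst, sport, dport, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header plus payload, checksum filled in by the sender."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    seg = hdr + payload
    return seg[:16] + struct.pack("!H", tcp_checksum(src, dst, seg)) + seg[18:]

def receiver_accepts(src, dst, segment: bytes) -> bool:
    """Receiver check: stored checksum must match the addresses it actually sees."""
    return struct.unpack("!H", segment[16:18])[0] == tcp_checksum(src, dst, segment)

def nat(segment: bytes, new_src, dst, tcp_visible: bool) -> bytes:
    """Source address changes in the IP header; the checksum is fixed only if the
    gateway can read and modify the TCP header (not the case inside a tunnel)."""
    if not tcp_visible:
        return segment  # opaque to the gateway: inner segment delivered unchanged
    return segment[:16] + struct.pack("!H", tcp_checksum(new_src, dst, segment)) + segment[18:]

def demo():
    inside, public, server = "10.1.2.3", "192.0.2.10", "198.51.100.7"  # constructed
    seg = build_segment(inside, server, 40000, 443, b"hello")
    plain = receiver_accepts(public, server, nat(seg, public, server, True))
    tunneled = receiver_accepts(public, server, nat(seg, public, server, False))
    return plain, tunneled

if __name__ == "__main__":
    print(demo())
```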