Re: [arch-d] Treating "private" address ranges specially

Brian, *:

a) +1

b) Maybe the reasons for what Brian is saying are not as obvious to hose working primarily
   at the app layer, so le me quickly add a bit of explanation: 

   rfc1918/ULA addresses may be as "global Internet" in reachability as "global scope" IP/IPv6
   addresses because of NAT (let's assume BEHAVE compatible applications and NATs to avoid getting
   sucked into a discussion about the "evilness&limitations" of NAT).

   Whereas in IPv4, rfc1988 addresses are often used this way due to address space limitations,
   in IPv6, ULA is likely used similarily just to have fixed addresses in all those cases where
   you do not have PI address space and just don't want to spend the money on renumbering
   when you change SP or multi-source address selection when you have PD addresses with
   redundancy.

   Aka: expect to create a huge amount of blowback of browsers starting to behave differently
   for those cases in companies or in homes where this happens.

   Likewise, just because you may use global-scope addresses (especially in IPv6), you
   as easily may have carved out address semantics for more limited scopes. Likely applicable
   to any larger organization that has PI address space and is not running out of it.
   See "firewalls".

c) There is actually (IMHO) a good discussion that should be had abouut how browser security could
   better support the needs of limited domains (rfc8799), but i fear the mayority of contributors
   to w3c / browser security in ietf still think everything required is just what fits the global
   Internet web-pki and Internet cloud services centric browser security architecture we have today.

Cheers
    Toerless

On Thu, Apr 01, 2021 at 09:27:05AM +1300, Brian E Carpenter wrote:
> Hi,
> 
> On 31-Mar-21 22:07, Ted Hardie wrote:
> 
> <snip>
> 
> > The document's description of the address space architecture is:
> > 
> > 
> >       2.1. IP Address Space
> > 
> > Every IP address belongs to an IP address space, which can be one of three different values:
> > 
> >  1. local: contains the local host only. In other words, addresses whose target differs for every device.
> > 
> >  2. private: contains addresses that have meaning only within the current network. In other words, addresses whose target differs based on network position.
> > 
> >  3. public: contains all other addresses. In other words, addresses whose target is the same for all devices globally on the IP network.
> 
> The problem is that this classification is worse than heresy; it's nonsense.
> 
> 1) local. That seems trivially true (assuming that it covers virtual hosts, not just physical ones). Or is it? If a device has multiple interfaces (physical or virtual) which might lie in different administrative domains, each of which has several IP addresses, including but not limited to loopback addresses, are they all equally "local"?
> 
> 2) private. There is no definition of "private" address in any IETF document. There is no way of looking at the bits in an address and determining that it's private, because there's no definition of private.
> 
> 3) public. Ditto. Globally reachable != public. "Globally reachable" itself is an over-simplification. See recent very loud discussions in IPv6-land about ULA addresses.
> 
> The attempt to use the IANA registry to determine things that are undefined is just nonsense. It's an attempt to over-simplify something that is inherently complex. The ground truth about address scope exists only in the entire Internet's routing tables, and simply *cannot* be deduced from the bits in an address.
> 
> BTW, whoever designed the Python ipaddress module got this wrong too.
> 
> So IMHO this whole effort is fundamentally misguided and should be scrapped.
> 
>    Brian
> 
> _______________________________________________
> Architecture-discuss mailing list
> Architecture-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/architecture-discuss

-- 
---
tte@cs.fau.de