RE: Why Scopes? (was: Re: [saad] About saad)

"Michel Py" <michel@arneill-py.sacramento.ca.us> Fri, 17 October 2003 21:58 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA25966 for <saad-archive@odin.ietf.org>; Fri, 17 Oct 2003 17:58:20 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AAcbh-0005QH-JP for saad-archive@odin.ietf.org; Fri, 17 Oct 2003 17:58:01 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h9HLw1Ij020839 for saad-archive@odin.ietf.org; Fri, 17 Oct 2003 17:58:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AAcbh-0005Q2-ET for saad-web-archive@optimus.ietf.org; Fri, 17 Oct 2003 17:58:01 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA25963 for <saad-web-archive@ietf.org>; Fri, 17 Oct 2003 17:57:50 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AAcbe-00021o-00 for saad-web-archive@ietf.org; Fri, 17 Oct 2003 17:57:58 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1AAcbe-00021l-00 for saad-web-archive@ietf.org; Fri, 17 Oct 2003 17:57:58 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AAcbg-0005Pf-JO; Fri, 17 Oct 2003 17:58:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AAcbY-0005PN-I2 for saad@optimus.ietf.org; Fri, 17 Oct 2003 17:57:52 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA25960 for <saad@ietf.org>; Fri, 17 Oct 2003 17:57:41 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AAcbV-00021i-00 for saad@ietf.org; Fri, 17 Oct 2003 17:57:49 -0400
Received: from adsl-209-233-126-65.dsl.scrm01.pacbell.net ([209.233.126.65] helo=arneill-py.sacramento.ca.us) by ietf-mx with esmtp (Exim 4.12) id 1AAcbV-00021Z-00 for saad@ietf.org; Fri, 17 Oct 2003 17:57:49 -0400
Content-class: urn:content-classes:message
Subject: RE: Why Scopes? (was: Re: [saad] About saad)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Date: Fri, 17 Oct 2003 14:57:19 -0700
Content-Transfer-Encoding: quoted-printable
Message-ID: <DD7FE473A8C3C245ADA2A2FE1709D90B06C66C@server2003.arneill-py.sacramento.ca.us>
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Thread-Topic: Why Scopes? (was: Re: [saad] About saad)
thread-index: AcOU3ej23AdhnuHwQ7OFDCJHEHVSwQAGldQg
From: "Michel Py" <michel@arneill-py.sacramento.ca.us>
To: "Melinda Shore" <mshore@cisco.com>, "James Kempf" <kempf@docomolabs-usa.com>
Cc: <saad@ietf.org>
Sender: saad-admin@ietf.org
Errors-To: saad-admin@ietf.org
X-BeenThere: saad@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/saad>, <mailto:saad-request@ietf.org?subject=unsubscribe>
List-Id: Scope Addressing Architecture Discussion <saad.ietf.org>
List-Post: <mailto:saad@ietf.org>
List-Help: <mailto:saad-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/saad>, <mailto:saad-request@ietf.org?subject=subscribe>

Melinda,


> Melinda Shore wrote:
> I've talked to a very large number of people about this
> (or rather why they use NATs, which is a slightly
> different question),

Indeed.

> and the most common reasons are:
> 1) don't want to buy more addresses
> 2) simplification of network management/renumbering
> 3) security/firewalling/unreachability

Yes. I just posted a more detailed analysis along the same lines.


> The reality is that some large number of users, including
> some users who consider themselves relatively expert
> (network administrators, etc.) don't want their hosts to
> be reachable by default but they do want them to be able
> to initiate connections themselves. I'm not sure there's
> a good answer to this question, since the users' wishes
> are incompatible with the IETF's working assumptions
> about reachability.

IMHO the answer to this is a firewall, not scoping. I just raised this
question: should scoping provide firewall features or not? IMHO no,
because these are two different issues.

Since we don't want NATv6, the requirement that hosts should be able to
access the outside implies that their scope must be compatible with
doing so. If these hosts must be protected from the outside when they
are not initiating the connection, this function shall be provided by a
firewall.

Yes, firewalls are a PITA because they build hard state, and hard state
is evil and distributed hard state is worse, but I don't think this is a
topic for this list.

Michel.
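The behaviour argued for above (hosts that are not reachable by default yet can initiate connections, with no address translation and no scoping tricks) is what a stateful packet filter provides, and the "hard state" complaint at the end is the connection table such a filter has to keep. The following is an added example written for this archive page, not code from the original message or from any product; it is a toy filter whose class and method names are this example's own, using constructed addresses from the 2001:db8::/32 documentation prefix. It walks through an unsolicited inbound packet being dropped, an outbound-initiated flow and its reply being accepted, the same reply being dropped once the state has expired, and a reply arriving at a peer filter that never saw the outbound packet, which is the distributed-hard-state failure the message alludes to.

```python
"""Toy stateful packet filter (constructed example, not the list's or any
vendor's code).  Default-deny for unsolicited inbound traffic; outbound
packets create connection state that lets their replies back in."""
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# 5-tuple in the direction the flow was initiated: (src, sport, dst, dport, proto)
FlowKey = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    outbound: bool  # True if the packet is leaving the protected network


class StatefulFilter:
    """Default-deny inbound; outbound creates state.

    The `flows` table is the 'hard state' the message complains about: lose it
    (reboot, failover to a peer that never saw the flow) and live flows break.
    """

    def __init__(self, idle_timeout: float = 60.0):
        self.idle_timeout = idle_timeout
        self.flows: Dict[FlowKey, float] = {}  # initiated flow -> last seen time
        self.pinholes: Set[Tuple[str, int, str]] = set()  # explicit inbound allows

    def allow_inbound(self, dst: str, dport: int, proto: str) -> None:
        """Publish one service deliberately (dst address, port, protocol)."""
        self.pinholes.add((dst, dport, proto))

    def _expire(self, now: float) -> None:
        dead = [k for k, seen in self.flows.items() if now - seen > self.idle_timeout]
        for k in dead:
            del self.flows[k]

    def process(self, pkt: Packet, now: float) -> str:
        """Return 'accept' or 'drop' and update connection state."""
        self._expire(now)
        forward: FlowKey = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse: FlowKey = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if pkt.outbound:
            # Hosts may initiate: remember the flow so replies can come back.
            self.flows[forward] = now
            return "accept"
        if reverse in self.flows:
            # Reply to a flow the inside initiated: refresh and accept.
            self.flows[reverse] = now
            return "accept"
        if (pkt.dst, pkt.dport, pkt.proto) in self.pinholes:
            # Explicitly published service: accept and track it as a flow.
            self.flows[forward] = now
            return "accept"
        return "drop"  # unsolicited inbound: the host is unreachable by default


def demo() -> Dict[str, str]:
    """Walk through the scenario from the message; returns each step's verdict."""
    fw = StatefulFilter(idle_timeout=60.0)
    inside, outside = "2001:db8:0:1::10", "2001:db8:ffff::53"  # constructed
    results: Dict[str, str] = {}
    # 1. Unsolicited inbound to the host's SSH port: dropped, no NAT required.
    results["unsolicited_in"] = fw.process(
        Packet(outside, 40000, inside, 22, "tcp", outbound=False), now=0.0)
    # 2. The host initiates HTTPS outbound: accepted and remembered.
    results["client_out"] = fw.process(
        Packet(inside, 51000, outside, 443, "tcp", outbound=True), now=1.0)
    # 3. The server's reply matches the remembered flow: accepted.
    results["reply_in"] = fw.process(
        Packet(outside, 443, inside, 51000, "tcp", outbound=False), now=2.0)
    # 4. The same reply after the idle timeout: state is gone, so it is dropped.
    results["late_reply_in"] = fw.process(
        Packet(outside, 443, inside, 51000, "tcp", outbound=False), now=100.0)
    # 5. Distributed hard state: a second filter (e.g. a failover peer) that
    #    never saw the outbound packet drops an otherwise legitimate reply.
    peer = StatefulFilter(idle_timeout=60.0)
    fw.process(Packet(inside, 51001, outside, 443, "tcp", outbound=True), now=200.0)
    results["reply_via_peer"] = peer.process(
        Packet(outside, 443, inside, 51001, "tcp", outbound=False), now=201.0)
    return results


if __name__ == "__main__":
    for step, verdict in demo().items():
        print(f"{step:16s} {verdict}")
```

Step 5 is the point worth dwelling on: the filter's decision depends on state that exists only where the first packet was seen, so any topology in which the reply can take a different path (or hit a freshly restarted box) needs state synchronisation between filters, which is exactly the operational cost the message describes as "distributed hard state".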


_______________________________________________
Saad mailing list
Saad@ietf.org
https://www1.ietf.org/mailman/listinfo/saad