Great Circle Associates Firewalls
(June 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: RFC 1597
From: dcrocker @ mordor . stanford . edu (Dave Crocker)
Date: Wed, 15 Jun 1994 21:18:49 -0700
To: John Hawkinson <jhawk @ panix . com>
Cc: andras @ is . co . za (Andras Salamon), firewalls @ GreatCircle . COM 
At 6:40 PM 6/15/94, John Hawkinson wrote:
>It is not anysuch thing. All it means is that if YOU elect to use one
>of those networks, it is YOUR responsibility to make sure that you do
>not announce that network to the Internet. It imposes no requirements
>on anyone else.

But that is true now.  If you choose to have private IP numbers, you must
not pass them on to the general Internet.

RFC1597 attempts to institutionalize this, in the theory that the rest of
us can predict and be assured that you will use ONLY those assigned private
numbers.  Since that is an entirely unsafe assumption, RFC1597 is inclined
to lull us into taking a 'filter only this small set' approach rather than
'pass only this small set'.  I.e., the backbone routers should allow
through only those IP numbers that are known to be safe, rather than filter
only those known to be unsafe.


Dave

+1 408 246 8253  (fax:  +1 408 249 6205)
Follow-Ups:
Indexed By Date Previous: Re: Notes from Usenix Firewall BOF
From: ajl @ Orion . MC . Duke . EDU (Arne J. Ludwig)
Next: Re: RFC 1597
From: John Hawkinson <jhawk @ panix . com>
Indexed By Thread Previous: Re: RFC 1597
From: John Hawkinson <jhawk @ panix . com>
Next: Re: RFC 1597
From: John Hawkinson <jhawk @ panix . com>
Google
 
Search Internet Search www.greatcircle.com