nanog mailing list archives

Re: Arguing against using public IP space


From: Michael Sinatra <michael () rancid berkeley edu>
Date: Tue, 15 Nov 2011 11:22:06 -0800

On 11/15/11 09:15, William Herrin wrote:
> On Mon, Nov 14, 2011 at 7:35 PM, Jeroen van Aart<jeroen () mompl net>  wrote:
>> William Herrin wrote:
>>> If your machine is addressed with a globally routable IP, a trivial
>>> failure of your security apparatus leaves your machine addressable
>>> from any other host in the entire world which wishes to send it
>>
>> Isn't that the case with IPv6? That the IP is addressable from any host in
>> the entire (IPv6) world? And isn't that considered a good thing?
>
> Hi Jeroen,
>
> Yes, according to almost every application developer asked it's a good thing.
>
> Me? I'm not so sure. Historically, enterprises moved away from global
> addressability even when IP addresses were free, *before* address
> scarcity became an issue. There's a lesson in there somewhere and I'm
> not convinced it's that "they were dumb."
>
> And make no mistake: successful security is about layers, about DEPTH.
> You can seek layers from other sources but a shallow security process
> will tend to be easily breached.

Hi Bill:

I am not sure if the enterprises were dumb for doing private address space, but I have a few hints that they might have been. (E.g. there's a *lot* of RFC1918 space out there. Why does the overwhelming majority use 192.168.0.0/24 or 192.168.1.0/24 or 10.0.0.0/24?)

But what definitely *is* dumb are the following two axioms, at least one of which is expressed in the article:

1. You need NAT/private ip address space to have security.

2. Once you have NAT/private ip address space, you have security.

On the surface those axioms clearly violate your notion of security layers and they clearly violate common sense. Yet we find them lurking just beneath the surface, including in the debate about the utility of IPv6 ULAs, as well as in the article.

michael

