On 28-Sep-2007, at 1516, Dean Anderson wrote:

Not widely supported in clients. Therefore, not a solution.

In fact, it's quite feasible in operating systems which can run a
local instance of (say) BIND9. It would be fair to say that
installing and configuring BIND9 on an average laptop is far beyond
the abilities of the average laptop owner, but that's presumably just
a matter of packaging.

VPNs are another solution, although not mentioned in the I-D, maybe
because it is obvious.

Maybe it's not mentioned because it's not a practical solution. But
whatever the reason it isn't mentioned, a 25 million user VPN is not
going to happen with 10/8.

Well, that depends on what you mean by "VPN". If you mean "a hub and
spoke topology of tunnels, all concentrated centrally" then yeah,
that sounds like a bit of a stretch. If you mean "use of AH in
queries sent towards a resolver which is configured somehow to
discard packets that are not authentic" then I suspect there are ways
to make that scale, even for quite large client populations.

(I might choose to incorporate anycast into such a design. You,
presumably, would not. :-)

A Comcast person recently complained on PPML
that there wasn't enough RFC1918 space for their internal network.

I have heard such reports from Comcast in various forums. I have no
reason to doubt them. I do not think that is especially pertinent to
the question at hand, however.

Joe