On Thu, 29 Apr 2010 10:33:02 +1000 Mark Andrews <ma...@isc.org> wrote:
> > In message <a3f2ff6f-afe3-4ed1-ad33-5b6277249...@virtualized.org>, David > Conrad > writes: > > Mark, > > > > On Apr 28, 2010, at 3:07 PM, Mark Andrews wrote: > > >> Perhaps the ability to change service providers without having to = > > renumber? > > >=20 > > > We have that ability already. Doesn't require NAT. > > > > Cool! You've figured out, e.g., how to renumber authoritative name = > > servers that you don't have direct control over! > > Don't do that. It was a deliberate design decision to use names > rather than IP addesses in NS records. This allows the operators > of the nameservers to change their addresses when they need to. > > B.T.W. we have the technology to automatically update delegations > if we need to and have for the last 10 years. People just need to > stop being scared about doing it. > > > And modify filter = > > lists on a firewalls across an enterprise network! And remotely update = > > provisioning systems and license managers without interrupting services! = > > Etc., etc. > > > > http://www.rfc-editor.org/internet-drafts/draft-carpenter-renum-needs-work= > > -05.txt > > > > A tiny home office network managed by a highly technical individual with = > > full control over all aspects of the network is not a good model on = > > which to base the definition of "we". > > > > Regards, > > -drc > > Well if you insist on using IP addresses rather than real crypto for access > control. > I suppose it'll protect us when Skynet emerges. I think the current security threat is the people behind the machines, not the machines themselves and their IP addresses. Regards, Mark.