On 6-May-2005, at 15:01, JORDI PALET MARTINEZ wrote:
> Just one more possibility of increasing privacy and security.
You don't need separate subnets for that. There are security features in switches that make all traffic between hosts in the same IP subnet flow through the switch. And as I said before, this isn't going to work anyway, as having separate physical subnets for so many devices is too much to ask and logical subnets are either hard to set up or easy to get around, or both. One subnet for non-trusted stuff and a subnet for your own stuff would be better, IMO. Protecting the washer from sniffing by the fridge seems peculiar to say the least, and is better done with TLS/IPsec anyway.
> Depending on who is the service provider, it is up to the user to decide if they want to allow other service providers to access that information or not, and we should technically facilitate it, right? If we start increasing the difficulties of making new things possible, we will end up repeating the IPv4 mistakes.
If we throw away most of our address bits on stuff that doesn't need it we'll be repeating IPv4 mistakes too. :-)
> The mistake here is limiting address space and subnetting possibilities to be easily managed.
I think doing /60 now and changing this when it becomes necessary makes sense. We're not closing any doors by giving out /60s.
> From both the ISP and customer perspective, it is much easier managing a flat network where everyone has /48 instead of having different "classes" of customers,
Yes, that's why we need to have as few classes as possible. I think saving 12 bits for 95% of all users is worth having two classes rather than 1, though.
> because the goal is not to charge because you have or use /60 or /48, but because you use this or that bandwidth and/or this number of services, just like cable or satellite TV.
That's what you think, but you don't run an ISP... This is a tough business where you take the nickels where you can get them. Paying for bandwidth isn't very popular, and the whole point of the internet is that you can get your services from anywhere. And really, you don't have to quote my entire previous message, I still know what I wrote.