WICG / private-network-access

https://wicg.github.io/private-network-access/

RFC6598 CGNAT addresses should be considered private #92

Closed johnathan79717 closed 1 year ago

johnathan79717 commented 1 year ago

RFC6598 CGNAT addresses [1] are not currently considered private in the PNA spec [2], but some VPNs such as Tailscale are already using them as private IP addresses [3].

We should consider making them private too.

[1] https://www.rfc-editor.org/rfc/rfc6598.html
[2] https://wicg.github.io/private-network-access/#ip-address-space
[3] https://emily.id.au/tailscale#dns-rebinding-is-dead

letitz commented 1 year ago

From the intro:

"Shared Address Space is similar to [RFC1918] private address space in that it is not globally routable address space and can be used by multiple pieces of equipment."

This sounds like it squarely fits the definition of the private address space:

"contains addresses that have meaning only within the current network. In other words, addresses whose target differs based on network position"

We should indeed add 100.64.0.0/10 to the list of private IP address blocks.
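
The effect of the change discussed in this thread, as an added example that is not part of the original issue or the spec's own code: a small classifier that maps an IPv4 address to an address space and decides whether a request crosses from a more public space to a less public one. The block table is a constructed IPv4-only subset (loopback plus the RFC 1918 ranges), the function names are hypothetical, and the sample addresses are constructed.

```python
import ipaddress

# Constructed IPv4-only subset of an address-block table (assumption: loopback
# is "local", RFC 1918 ranges are "private", everything else is "public").
BASE_BLOCKS = [
    ("127.0.0.0/8", "local"),       # loopback
    ("10.0.0.0/8", "private"),      # RFC 1918
    ("172.16.0.0/12", "private"),   # RFC 1918
    ("192.168.0.0/16", "private"),  # RFC 1918
]

# The block this issue proposes to add: RFC 6598 Shared Address Space (CGNAT).
CGNAT_BLOCK = ("100.64.0.0/10", "private")

# Lower rank means less public.
RANK = {"local": 0, "private": 1, "public": 2}


def address_space(ip, blocks):
    """Return the address space of `ip` under the given block table."""
    addr = ipaddress.ip_address(ip)
    for cidr, space in blocks:
        if addr in ipaddress.ip_network(cidr):
            return space
    return "public"  # anything not listed is treated as public


def is_private_network_request(initiator_ip, target_ip, blocks):
    """True when the target is in a less public space than the initiator."""
    return RANK[address_space(target_ip, blocks)] < RANK[address_space(initiator_ip, blocks)]


if __name__ == "__main__":
    initiator = "203.0.113.10"  # constructed: page served from a public address
    target = "100.100.1.2"      # constructed: device on a VPN using CGNAT space
    for label, blocks in (("without 100.64.0.0/10", BASE_BLOCKS),
                          ("with 100.64.0.0/10", BASE_BLOCKS + [CGNAT_BLOCK])):
        print(label, "->", address_space(target, blocks),
              "| private network request:",
              is_private_network_request(initiator, target, blocks))
```

Without the extra block, the request from the public page to the CGNAT address is classified as public-to-public and is not treated as a private network request; with it, the same request is.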