AMICO Testbed Users:

Some of you have contacted us with some concerns and questions about RLG's recent request for your IP addresses. In case it might be more widely useful, I am attaching below an answer to a query we received today which expressed some worry about collecting large numbers of IP addresses to adequately cover each individual that will access the AMICO Library during the Testbed year. We were asked if we might not do validation by domain instead. The short answer is yes, but read on below and note particularly the last paragraph.

Willy Cromwell-Kessler, RLG

********************************************

It is possible to limit access by domain or hostname, rather than by IP address. This approach has a significant down-side for some users, however, which this site should consider. I quote from the Netscape Enterprise Server Administrator's Guide:

     "Restricting by hostname is more flexible than by IP
     address -- if a user's IP address changes, you won't have
     to update this list.  But on the other hand, restricting
     by IP address is more reliable -- if a DNS (Domain Name
     Server) lookup fails for a connected client, hostname
     restriction cannot be used."

Fans of hostname restrictions will note that IP address restrictions have their own down-sides, not the least of which is that our host needs to be kept informed of valid IP address ranges, as local network addressing changes.

We can restrict access to "subnets" or ranges of IP addresses. E.g., we can restrict access to all the IP addresses beginning with "204.161.106.". If that makes it any easier to provide a list of valid IP address ranges.