[101097] in North American Network Operators' Group
Re: European ISP enables IPv6 for all?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Dec 18 00:38:16 2007
Date: Tue, 18 Dec 2007 00:37:10 -0500
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Christopher Morrow" <morrowc.lists@gmail.com>
Cc: "Sean Siler" <Sean.Siler@microsoft.com>,
"nanog@merit.edu"
<nanog@merit.edu>
In-Reply-To: <75cb24520712171529y605d0ad3pf7f609af882074d9@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
On Mon, 17 Dec 2007 15:29:21 -0800
"Christopher Morrow" <morrowc.lists@gmail.com> wrote:
> how does it improve data security exactly?
>
Back in 1994, it was expected to be true because v6 would mandate
IPsec, and v6 would be deployed long before the installed base of v4
machines would be upgraded to IPsec. Obviously, that's not what
happened; while IPsec was indeed late in coming, v6 was even later, so
the original belief has been OBE. The mythos, however, hasn't caught
up. Similar statements can be made about stateless autoconfig vs. v4
DHCP.
In a slightly more realistic vein, a huge address space makes life
harder for scanning worms. As Angelos Keromytis, Bill Cheswick, and I
have pointed out, "harder" is by no means equivalent to "impossible",
but the myth, new as it is, still propagates.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
