[117863] in North American Network Operators' Group


Re: ISP customer assignments

daemon@ATHENA.MIT.EDU (Ricky Beam)
Mon Oct 5 16:43:56 2009

To: "William Herrin" <herrin-nanog@dirtside.com>, "Brian Johnson"
	<bjohnson@drtel.com>
Date: Mon, 05 Oct 2009 16:43:16 -0400
From: "Ricky Beam" <jfbeam@gmail.com>
In-Reply-To: <3c3e3fca0910051137j27f38210ua16749eaa4291d68@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

[here we go again]

On Mon, 05 Oct 2009 14:37:49 -0400, William Herrin  
<herrin-nanog@dirtside.com> wrote:
> Some clever guy figured out that ... why not
> add an extra 64 bits for that very convenient improvement? This is
> called "stateless autoconfiguration."

Except that "clever guy" was in fact an idiot blinded by idealism.  Not  
only did he fail to see the security implications of having a fixed  
address, but he'd apparently spent his entire life under a rock, on an  
island, on another planet... he completely ignored the fact that people  
were using DHCP [formerly known as BOOTP] (and have been now for over a  
decade) to provide machines with FAR MORE than just an address.  A machine
needs more than just an address to be useful -- something IPv6 users learn
very quickly after turning off IPv4 and its DHCP-learned info.

> Some even more clever guy figured out that if the first clever guy's
> strategy is used, it becomes a trivial matter to track someone
> online... ...
> stateless autoconfiguration will probably end up being a waste.

It's ALWAYS been a waste.  All these supposed "clever guys" failed to  
learn from the mistakes that preceded them and have doomed us to repeat  
them... ICMP router discovery (technology abandoned so long ago, I'd  
forgotten about it), RARP, bootp, dhcp.  SLAAC loops us back around to the  
beginning.  Only this time, it's inescapable: I still have to have  
something on the network spewing RAs for the sole purpose of telling  
everything to use DHCP instead; there's a hard "class" boundary smack in  
the middle of a "classless network" because these "clever guys" were lazy  
and didn't want to figure out ways to avoid address collisions. (something  
modern IPv6 stacks do by default for privacy -- randomly generated  
addresses have to be tested for uniqueness.)

--Ricky
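The two mechanisms argued about above, the Router Advertisement whose only job is to steer hosts toward DHCPv6, and the fixed versus randomly generated interface identifier that makes a SLAAC address trackable or not, are easy to see in packet bytes. The following is an added example, not code from the thread or from any NANOG participant: it parses the RFC 4861 RA header and Prefix Information option, reports which address-configuration mode the M/O/A flags select, and contrasts a modified EUI-64 identifier (derived from the MAC, so the same on every network) with an RFC 4941-style random one. The RA bytes are constructed inline with a zero checksum (no link-layer context), and the Duplicate Address Detection that a random identifier still requires is only noted, not performed.

```python
import os
import struct
from dataclasses import dataclass, field

ICMPV6_RA = 134            # ICMPv6 type: Router Advertisement (RFC 4861)
RA_FLAG_MANAGED = 0x80     # M: get addresses from stateful DHCPv6
RA_FLAG_OTHER = 0x40       # O: get other config (DNS, etc.) from DHCPv6
PIO_TYPE = 3               # Prefix Information option
PIO_FLAG_ONLINK = 0x80     # L: prefix is on-link
PIO_FLAG_AUTONOMOUS = 0x40 # A: prefix may be used for SLAAC


@dataclass
class PrefixInfo:
    prefix: bytes          # 16-byte IPv6 prefix
    prefix_len: int
    autonomous: bool
    valid_lifetime: int
    preferred_lifetime: int


@dataclass
class RouterAdvertisement:
    managed: bool
    other: bool
    router_lifetime: int
    prefixes: list = field(default_factory=list)


def parse_ra(payload: bytes) -> RouterAdvertisement:
    """Parse an ICMPv6 RA (header + options). Checksum is not verified here."""
    if len(payload) < 16:
        raise ValueError("ICMPv6 RA too short")
    icmp_type, code, _cksum, _hop, flags, rlife = struct.unpack("!BBHBBH", payload[:8])
    if icmp_type != ICMPV6_RA or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = RouterAdvertisement(bool(flags & RA_FLAG_MANAGED), bool(flags & RA_FLAG_OTHER), rlife)
    off = 16  # skip reachable time and retrans timer
    while off < len(payload):
        if off + 2 > len(payload):
            raise ValueError("truncated option header")
        opt_type, opt_len = payload[off], payload[off + 1]
        if opt_len == 0:
            raise ValueError("zero-length option")  # RFC 4861: must discard
        end = off + opt_len * 8
        if end > len(payload):
            raise ValueError("option overruns packet")
        if opt_type == PIO_TYPE and opt_len == 4:
            plen, pflags, valid, pref = struct.unpack("!BBII", payload[off + 2:off + 12])
            ra.prefixes.append(PrefixInfo(payload[off + 16:off + 32], plen,
                                          bool(pflags & PIO_FLAG_AUTONOMOUS), valid, pref))
        off = end
    return ra


def host_address_mode(ra: RouterAdvertisement) -> set:
    """Which configuration paths the RA flags tell a host to use."""
    modes = set()
    if any(p.autonomous for p in ra.prefixes):
        modes.add("slaac")
    if ra.managed:
        modes.add("dhcpv6-stateful")
    elif ra.other:
        modes.add("dhcpv6-stateless")
    return modes


def eui64_interface_id(mac: bytes) -> bytes:
    """Modified EUI-64: fixed per NIC, so the host is recognisable on any network."""
    if len(mac) != 6:
        raise ValueError("MAC must be 6 bytes")
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]


def random_interface_id() -> bytes:
    """RFC 4941-style temporary identifier; u/l bit cleared (local). Still needs DAD."""
    iid = bytearray(os.urandom(8))
    iid[0] &= 0xFD
    return bytes(iid)


def build_sample_ra(managed: bool, other: bool, prefix: bytes, autonomous: bool) -> bytes:
    """Constructed RA bytes for testing; checksum left as 0."""
    flags = (RA_FLAG_MANAGED if managed else 0) | (RA_FLAG_OTHER if other else 0)
    hdr = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, flags, 1800, 0, 0)
    pflags = PIO_FLAG_ONLINK | (PIO_FLAG_AUTONOMOUS if autonomous else 0)
    pio = struct.pack("!BBBBIII", PIO_TYPE, 4, 64, pflags, 2592000, 604800, 0) + prefix
    return hdr + pio


SAMPLE_PREFIX = bytes.fromhex("20010db8") + bytes(12)  # 2001:db8::/64 (documentation prefix)

if __name__ == "__main__":
    ra = parse_ra(build_sample_ra(managed=True, other=True, prefix=SAMPLE_PREFIX, autonomous=False))
    print("M+O, no A flag ->", host_address_mode(ra))
    ra = parse_ra(build_sample_ra(managed=False, other=False, prefix=SAMPLE_PREFIX, autonomous=True))
    print("A flag only    ->", host_address_mode(ra))
    print("EUI-64 IID     ->", eui64_interface_id(bytes.fromhex("001122334455")).hex())
    print("random IID     ->", random_interface_id().hex())
```

The first RA is the "RA whose only purpose is to say use DHCP" case from the post: M and O set, A clear, so a parsing host gets no SLAAC prefix and goes to stateful DHCPv6. The second is plain SLAAC. Whether the host then forms a fixed EUI-64 identifier or a random one is the host's choice, not the router's, which is why an operator assigning addresses cannot rely on the RA alone to control what shows up on the wire.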

