[133232] in North American Network Operators' Group

Re: Pointer for documentation on actually delivering IPv6

daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Tue Dec 7 09:23:21 2010

Date: Tue, 07 Dec 2010 06:23:07 -0800
From: Joel Jaeggli <joelja@bogus.com>
To: david raistrick <drais@icantclick.org>
In-Reply-To: <alpine.BSF.2.00.1012070803380.41008@murf.icantclick.org>
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 12/7/10 5:18 AM, david raistrick wrote:
> On Mon, 6 Dec 2010, Owen DeLong wrote:
> 
>> Seriously, though, you're welcome to use fd00::/8 for exactly that
>> purpose. The problem is that you (and hopefully it stays this way)
>> won't have much luck finding a vendor that will provide the NAT for
>> you to do it with.
> 
> [with my flame-retardant hat installed firmly]
> 
> So what's the IPV6 solution for PCI compliance, where 1.3.8 requires the
> use of RFC1918 space?  Admittedly, it's been a year or two since I last
> had to engineer around that particular set of rules...but it's life or
> death for a lot of folks.

Document a compensating control...

In that particular case it is trivial to demonstrate that the in-scope
addresses are not exposed to the internet.

> 
> 
> -- 
> david raistrick        http://www.netmeister.org/news/learn2quote.html
> drais@icantclick.org             http://www.expita.com/nomime.html
> 
> 


