[134460] in North American Network Operators' Group
Re: NIST IPv6 document
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Thu Jan 6 01:50:48 2011
In-Reply-To: <A5A1E7C8-D6BB-4C7B-B9AF-48838832E317@arbor.net>
Date: Wed, 5 Jan 2011 22:47:02 -0800
From: Paul Ferguson <fergdawgster@gmail.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: Nanog Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Jan 5, 2011 at 10:36 PM, Dobbins, Roland <rdobbins@arbor.net>
wrote:
>
> On Jan 6, 2011, at 1:26 PM, Joe Greco wrote:
>
>> A bunch of very smart people have worked on IPv6 for a very long time,
>> and justification for /64's was hashed out at extended length over the
>> period of years.
>
> Very smart people can and do come up with bad ideas, and IPv6 is a
> textbook example of this phenomenon, heh. I certainly bear my share of
> the responsibility for this state of affairs by not getting involved, and
> leaving the heavy lifting to others.
>
As someone who has been immersed in security for many years now, and having
previously been very intimately involved in the network ops community for
equally many years, I have to agree with Roland here. Just because a lot of
smart people have worked on IPv6 for many years does not mean that the
security issues have been equally well thought out.

I see this as very similar to all IP technology evolution issues -- none of
which ever really focused on the dedicated attacker/criminal using the same
technology to attack/defraud/hijack/etc.

This is not meant as a slight to anyone -- just a realization of looking at
security from a real-world perspective. It seems to always have to get
"bolted on" as an afterthought, instead of baked-in from the beginning.

$.02,

- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/