[143521] in North American Network Operators' Group
Re: IPv6 end user addressing
daemon@ATHENA.MIT.EDU (Greg Ihnen)
Thu Aug 11 13:53:27 2011
From: Greg Ihnen <os10rules@gmail.com>
In-Reply-To: <125E015F-1111-46F4-93C8-72C2ED041BEE@delong.com>
Date: Thu, 11 Aug 2011 13:22:42 -0430
To: Owen DeLong <owen@delong.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Aug 11, 2011, at 1:04 PM, Owen DeLong wrote:
>=20
> On Aug 11, 2011, at 5:41 AM, Jamie Bowden wrote:
>=20
>> Owen wrote:
>>=20
>>> -----Original Message-----
>>> From: Owen DeLong [mailto:owen@delong.com]
>>> Sent: Wednesday, August 10, 2011 9:58 PM
>>> To: William Herrin
>>> Cc: nanog@nanog.org
>>> Subject: Re: IPv6 end user addressing
>>>=20
>>>=20
>>> On Aug 10, 2011, at 6:46 PM, William Herrin wrote:
>>>=20
>>>> On Wed, Aug 10, 2011 at 9:32 PM, Owen DeLong <owen@delong.com>
>> wrote:
>>>>>> Someday, I expect the pantry to have a barcode reader on it
>>> connected back
>>>>>> a computer setup for the kitchen someday. Most of us already use
>>> barcode
>>>>>> readers when we shop so its not a big step to home use.
>>>>>=20
>>>>> Nah... That's short-term thinking. The future holds advanced
>>> pantries with
>>>>> RFID sensors that know what is in the pantry and when they were
>>> manufactured,
>>>>> what their expiration date is, etc.
>>>>=20
>>>> And since your can of creamed corn is globally addressable, the =
rest
>>>> of the world knows what's in your pantry too. ;)
>>>>=20
>>>=20
>>> This definitely helps explain your misconceptions about NAT as a
>>> security tool.
>>>=20
>>>=20
>>> Globally addressable !=3D globally reachable.
>>>=20
>>> Things can have global addresses without having global reachability.
>>> There are
>>> these tools called access control lists and routing policies. =
Perhaps
>>> you've heard
>>> of them. They can be quite useful.
>>=20
>> And your average home user, whose WiFi network is an open network =
named
>> "linksys" is going to do that how?
>>=20
>=20
> Because the routers that come on pantries and refrigerators will =
probably be
> made by people smarter than the folks at Linksys?
>=20
> Owen
>=20
>=20
I respectfully disagree. If appliance manufacturers jump on the =
bandwagon to make their device *Internet Ready!* we'll see appliance =
makers who have way less networking experience than Linksys/Cisco =
getting into the fray. I highly doubt the pontifications of these Good =
Morning America technology gurus who predict all these changes are =
coming to the home. Do we really think appliance manufacturers are going =
to agree on standards for keeping track of how much milk is in the =
fridge, especially as not just manufacturing but also engineering is =
moving to countries like China? How about the predictions that have been =
around for years about appliances which will alert the manufacturer =
about impending failure so they can call you and you can schedule the =
repair before there's a breakdown? Remember that one? We don't even have =
an "appliance about to break, call repairman" idiot light on appliances =
yet.
But I predict the coming of IPv6 to the home in a big way will have =
unintended consequences.
I think the big shock for home users regarding IPv6 will be suddenly =
having their IPv4 NAT firewall being gone and all their devices being =
exposed naked to everyone on the internet. Suddenly all their security =
shortcomings (no passwords, "password" for the password etc) are going =
to have catastrophic consequences. I foresee an exponential leap in the =
number of hacks of consumer devices which will have repercussions well =
beyond their local network. In my opinion that's going to be the biggest =
problem with IPv6, not all the concerns about the inner workings of the =
protocols. I'm guessing the manufacturers of consumer grade networkable =
devices are still thinking about security as it applies to LANs with rfc =
1918 address space behind a firewall and haven't rethought security as =
it applies to IPv6.
Greg=
