[143529] in North American Network Operators' Group


Re: IPv6 end user addressing

daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Aug 11 17:37:05 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <DE4163C8-F20C-4ADB-9292-0EFEE32FF4BE@gmail.com>
Date: Thu, 11 Aug 2011 14:35:25 -0700
To: Greg Ihnen <os10rules@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

>
> I respectfully disagree. If appliance manufacturers jump on the
> bandwagon to make their device *Internet Ready!* we'll see appliance
> makers who have way less networking experience than Linksys/Cisco
> getting into the fray. I highly doubt the pontifications of these Good
> Morning America technology gurus who predict all these changes are
> coming to the home. Do we really think appliance manufacturers are going
> to agree on standards for keeping track of how much milk is in the
> fridge, especially as not just manufacturing but also engineering is
> moving to countries like China? How about the predictions that have been
> around for years about appliances which will alert the manufacturer
> about impending failure so they can call you and you can schedule the
> repair before there's a breakdown? Remember that one? We don't even have
> an "appliance about to break, call repairman" idiot light on appliances
> yet.
>
What standards?  The RFID tag on the milk carton will, essentially,
replace the bar code once RFID tags become cheap enough. It'll be like
an uber-barcode with a bunch more information.

For keeping track of how much, cheap sensitive pressure transducers will
know by the position of the RFID tag combined with the weight of the
thing at that location in the refrigerator. There's no new standard
required.

The technology to do this exists today. The integration and mainstream
acceptance is still years, if not decades off, but, IPv6 should last for
decades, so, if we don't plan for at least the things we can see coming
today and already know feasible ways to implement, we're doomed for the
other unexpected things we don't see coming.

> But I predict the coming of IPv6 to the home in a big way will have
> unintended consequences.
>

Definitely.


> I think the big shock for home users regarding IPv6 will be suddenly
> having their IPv4 NAT firewall being gone and all their devices being
> exposed naked to everyone on the internet. Suddenly all their security
> shortcomings (no passwords, "password" for the password etc) are going
> to have catastrophic consequences. I foresee an exponential leap in the
> number of hacks of consumer devices which will have repercussions well
> beyond their local network. In my opinion that's going to be the biggest
> problem with IPv6, not all the concerns about the inner workings of the
> protocols. I'm guessing the manufacturers of consumer grade networkable
> devices are still thinking about security as it applies to LANs with rfc
> 1918 address space behind a firewall and haven't rethought security as
> it applies to IPv6.
>

Sigh...

Continuing to propagate this myth doesn't make it any more true than it
was 10 years ago.

NAT != Security
End-to-End addressing != End-to-End connectivity

It will not be long before the average residential IPv6 gateway comes
with a default deny all inbound stateful firewall built in. Once you
have that, your hosts are not exposed naked to everyone on the internet.
In fact, they are no more exposed than with NAT with the key difference
being that if you choose to expose one or more hosts, you have the
option of deliberately doing so.

Actually, I know for certain that most of the CPE manufacturers are
participating in the effort to draft better security requirements for
residential gateways as a current ID and hopefully an RFC soon. I
believe, as a matter of fact, that this is a BIS document being intended
as a more comprehensive improvement over the initial version.

Owen
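
The point about a default-deny stateful firewall on a routed IPv6 prefix, as an added example that is not part of the original message: a minimal Python model of a gateway that forwards globally addressed traffic without translation, tracks flows opened from inside, and drops unsolicited inbound packets unless a pinhole was set deliberately. The class and function names and the 2001:db8:: addresses are constructed for illustration; flow expiry, TCP state and ICMPv6 handling are left out.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass, field

Packet = namedtuple("Packet", "src sport dst dport proto", defaults=["tcp"])

@dataclass
class StatefulGateway:
    """Routes a global IPv6 prefix: default-deny inbound, no address translation."""
    lan_prefix: str
    flows: set = field(default_factory=set)     # flows opened from the LAN side
    pinholes: set = field(default_factory=set)  # (host, proto, port) exposed on purpose

    def _inside(self, addr):
        return ipaddress.ip_address(addr) in ipaddress.ip_network(self.lan_prefix)

    def allow_inbound(self, host, proto, port):
        if not self._inside(host):
            raise ValueError("pinhole target must be inside the LAN prefix")
        self.pinholes.add((ipaddress.ip_address(host), proto, port))

    def forward(self, p):
        """Return True if the packet is forwarded, False if it is dropped."""
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        if self._inside(p.src) and not self._inside(p.dst):
            self.flows.add((p.proto, src, p.sport, dst, p.dport))  # remember the flow
            return True
        if self._inside(p.dst) and not self._inside(p.src):
            if (p.proto, dst, p.dport, src, p.sport) in self.flows:
                return True                     # reply to a flow the LAN host opened
            return (dst, p.proto, p.dport) in self.pinholes
        return False                            # not LAN<->WAN traffic

def demo():
    # Constructed addresses from the 2001:db8::/32 documentation range.
    gw = StatefulGateway("2001:db8:1::/48")
    cam, nas = "2001:db8:1:10::20", "2001:db8:1:10::30"
    web, outsider = "2001:db8:ffff::80", "2001:db8:bad::1"
    r = {"unsolicited": gw.forward(Packet(outsider, 40000, cam, 23)),
         "outbound": gw.forward(Packet(cam, 50000, web, 443)),
         "reply": gw.forward(Packet(web, 443, cam, 50000)),
         "other_port": gw.forward(Packet(web, 443, cam, 50001))}
    gw.allow_inbound(nas, "tcp", 22)            # deliberate exposure of one service
    r["pinhole"] = gw.forward(Packet(outsider, 40001, nas, 22))
    r["nas_other_port"] = gw.forward(Packet(outsider, 40001, nas, 23))
    return r
```

Every host in the model keeps its global address end to end; what reaches it is decided by the flow table and the pinhole list, not by translation.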


