[143533] in North American Network Operators' Group


Re: IPv6 end user addressing

daemon@ATHENA.MIT.EDU (Greg Ihnen)
Thu Aug 11 18:19:53 2011

From: Greg Ihnen <os10rules@gmail.com>
In-Reply-To: <56494910-9FFD-4FED-9C14-A271FF856AF4@delong.com>
Date: Thu, 11 Aug 2011 17:49:03 -0430
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Aug 11, 2011, at 5:05 PM, Owen DeLong wrote:

>>
>> I respectfully disagree. If appliance manufacturers jump on the bandwagon to make their device *Internet Ready!* we'll see appliance makers who have way less networking experience than Linksys/Cisco getting into the fray. I highly doubt the pontifications of these Good Morning America technology gurus who predict all these changes are coming to the home. Do we really think appliance manufacturers are going to agree on standards for keeping track of how much milk is in the fridge, especially as not just manufacturing but also engineering is moving to countries like China? How about the predictions that have been around for years about appliances which will alert the manufacturer about impending failure so they can call you and you can schedule the repair before there's a breakdown? Remember that one? We don't even have an "appliance about to break, call repairman" idiot light on appliances yet.
>>
> What standards? The RFID tag on the milk carton will, essentially, replace the bar code once RFID tags become cheap enough. It'll be like an uber-barcode with a bunch more information.
>
> For keeping track of how much, cheap sensitive pressure transducers will know by the position of the RFID tag combined with the weight of the thing at that location in the refrigerator. There's no new standard required.
>
> The technology to do this exists today. The integration and mainstream acceptance is still years, if not decades off, but, IPv6 should last for decades, so, if we don't plan for at least the things we can see coming today and already know feasible ways to implement, we're doomed for the other unexpected things we don't see coming.
>

What reads the RFIDs and the pressure sensors? What server or application receives this data and deals with it according to the user's desires? How does that data or the information and alerts this system would generate get to the user's devices? There has to be a device in the home or a server somewhere for a service the homeowner subscribes to which keeps an inventory of all these things and acts on it.

Do you really think it's going to be commonplace for people to have this kind of technology and more importantly use it?

I think the kitchen you foresee is the kind of dream kitchen for the kind of people who embed RFID chips in themselves so they can have a house that opens the doors and turns on the lights as they approach.

You don't have a chip in you, do you?


>> But I predict the coming of IPv6 to the home in a big way will have unintended consequences.
>>
>
> Definitely.
>
>
>> I think the big shock for home users regarding IPv6 will be suddenly having their IPv4 NAT firewall being gone and all their devices being exposed naked to everyone on the internet. Suddenly all their security shortcomings (no passwords, "password" for the password etc) are going to have catastrophic consequences. I foresee an exponential leap in the number of hacks of consumer devices which will have repercussions well beyond their local network. In my opinion that's going to be the biggest problem with IPv6, not all the concerns about the inner workings of the protocols. I'm guessing the manufacturers of consumer grade networkable devices are still thinking about security as it applies to LANs with RFC 1918 address space behind a firewall and haven't rethought security as it applies to IPv6.
>>
>
> Sigh...
>
> Continuing to propagate this myth doesn't make it any more true than it was 10 years ago.

I'm sorry, what was the myth there? The public overall uses bad passwords and knowingly does not comply with security best practices? More connectivity is going to bring more problems and exploits? Those myths?

>
> NAT != Security
> End-to-End addressing != End-to-End connectivity
> It will not be long before the average residential IPv6 gateway comes with a default deny all inbound stateful firewall built in. Once you have that, your hosts are not exposed naked to everyone on the internet. In fact, they are no more exposed than with NAT with the key difference being that if you choose to expose one or more hosts, you have the option of deliberately doing so.

We'll see.

>
> Actually, I know for certain that most of the CPE manufacturers are participating in the effort to draft better security requirements for residential gateways as a current ID and hopefully an RFC soon. I believe, as a matter of fact, that this is a BIS document being intended as a more comprehensive improvement over the initial version.
>
> Owen
>
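
The gateway behaviour described in the quoted text above (stateful, default-deny inbound, with hosts exposed only by deliberate choice), modelled as an added example that is not part of the original message or of any vendor's firmware. The class and function names, the 2001:db8:: documentation addresses and the sample packets are constructed for illustration; the model tracks flows by 5-tuple only and ignores timeouts, TCP flags and ICMPv6.

```python
import ipaddress
from dataclasses import dataclass, field

ip = ipaddress.ip_address  # normalises textual IPv6 forms before comparison

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class Gateway:
    """Toy residential IPv6 gateway: stateful, default-deny inbound."""
    lan: ipaddress.IPv6Network
    flows: set = field(default_factory=set)      # flows opened from the LAN
    pinholes: set = field(default_factory=set)   # hosts exposed on purpose

    def expose(self, host, proto, port):
        self.pinholes.add((ip(host), proto, port))

    def forward(self, p):
        src, dst = ip(p.src), ip(p.dst)
        if src in self.lan and dst not in self.lan:
            # Outbound: accept and remember the flow so replies can return.
            self.flows.add((p.proto, src, p.sport, dst, p.dport))
            return "accept"
        if dst in self.lan and src not in self.lan:
            if (p.proto, dst, p.dport, src, p.sport) in self.flows:
                return "accept"              # reply to a LAN-initiated flow
            if (dst, p.proto, p.dport) in self.pinholes:
                return "accept"              # deliberately exposed service
        return "drop"                        # default deny

def demo():
    gw = Gateway(ipaddress.ip_network("2001:db8:1::/56"))
    cam, remote = "2001:db8:1:10::c", "2001:db8:ffff::50"  # constructed
    verdicts = [
        gw.forward(Packet(remote, 40000, cam, 80)),   # unsolicited inbound
        gw.forward(Packet(cam, 51000, remote, 443)),  # outbound from LAN
        gw.forward(Packet(remote, 443, cam, 51000)),  # matching reply
        gw.forward(Packet(remote, 443, cam, 51001)),  # no matching state
    ]
    gw.expose(cam, "tcp", 80)
    verdicts.append(gw.forward(Packet(remote, 40000, cam, 80)))  # pinhole
    return verdicts
```

The host keeps its globally routable address throughout; only the state table and the explicit pinhole decide whether an inbound packet reaches it.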


