[170148] in North American Network Operators' Group
RE: misunderstanding scale
daemon@ATHENA.MIT.EDU (Eric Wieling)
Mon Mar 24 15:15:59 2014
From: Eric Wieling <EWieling@nyigc.com>
To: William Herrin <bill@herrin.us>, Joe Greco <jgreco@ns.sol.net>
Date: Mon, 24 Mar 2014 15:04:54 -0400
In-Reply-To: <CAP-guGXeFppQ_oLfecc0asXP664x8Bqz2G-rt=P8uYaCKkSv5g@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Yes, that is exactly what IPv6 expects of us. The only surprising part is=
by all indications the IPv6 designers did not think this would be a proble=
m. =20
-----Original Message-----
From: William Herrin [mailto:bill@herrin.us]=20
Sent: Monday, March 24, 2014 1:14 PM
To: Joe Greco
Cc: nanog@nanog.org
Subject: Re: misunderstanding scale
On Mon, Mar 24, 2014 at 8:31 AM, Joe Greco <jgreco@ns.sol.net> wrote:
>> all successful security is about _defense in depth_.
>> If it is inaccessible, unrouted, unroutable and unaddressable then=20
>> you have four layers of security. If it is merely inaccessible and=20
>> unrouted you have two.
>
> Time to give up two layers of meaningless security for the riches=20
> offered by the vastness of the new address space.
Hi Joe,
You'd expect folks to give up two layers of security at exactly the same ti=
me as they're absorbing a new network protocol with which they're yet unski=
lled? Does that make sense to you from a risk-management standpoint?
-Bill
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls C=
hurch, VA 22042-3004
