[171129] in North American Network Operators' Group
Re: Requirements for IPv6 Firewalls
daemon@ATHENA.MIT.EDU (Lee Howard)
Fri Apr 18 18:39:35 2014
Date: Fri, 18 Apr 2014 18:37:28 -0400
From: Lee Howard <Lee@asgard.org>
To: George Herbert <george.herbert@gmail.com>,
Timothy Morizot <tmorizot@gmail.com>
In-Reply-To: <CAK__Kzub-4ZK+kSDC3qsnNqbauhLHnP68Y3Jg0WDQLh0rYEyXw@mail.gmail.com>
Cc: "draft-gont-opsec-ipv6-firewall-reqs@tools.ietf.org"
<draft-gont-opsec-ipv6-firewall-reqs@tools.ietf.org>, NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 4/18/14 4:33 PM, "George Herbert" <george.herbert@gmail.com> wrote:
>
>If William and I fight that fight, lose it, and come back and tell you
>"They won't go because insufficient NAT" you need to listen. I've fought
>this in a dozen places and lost 8 of them, not because I don't know v6,
>but
>because the clients have inertia and politics around security posture
>changes (and in some cases, PCI compliance regs).
IPv6 evangelists are used to fighting inertia.
PCI, however. . . anyone have any contacts there?
Lee
