[75461] in North American Network Operators' Group
Re: IPV6 renumbering painless?
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Sat Nov 13 07:48:42 2004
In-Reply-To: <20041113090256.GD11329@skywalker.bsws.de>
Cc: nanog@merit.edu
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Sat, 13 Nov 2004 13:48:01 +0100
To: Henning Brauer <hb-nanog@bsws.de>
Errors-To: owner-nanog-outgoing@merit.edu
On 13-nov-04, at 10:02, Henning Brauer wrote:
> * Owen DeLong <owen@delong.com> [2004-11-13 08:46]:
>> I suspect that eventually, we will discover that ADDRESS-based
>> ACLs simply do not scale to a V6 world
> which I see as an issue with v6 and not the ACLs.
Yes, because address based access restrictions never get in the way of
renumbering in IPv4.
Filtering based on IP addresses is a broken concept.
I'm not a huge fan of sprinkling crypto over everything, but if you
want certain people to have access to some stuff and not others,
IPsec/SSL are the way to go.
