[76834] in North American Network Operators' Group
Re: IPv6, IPSEC and deep packet inspection
daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Fri Dec 31 16:41:39 2004
From: "Stephen Sprunk" <stephen@sprunk.org>
To: "Merike Kaeo" <kaeo@merike.com>,
"Sam Stickland" <sam_ml@spacething.org>
Cc: "North American Noise and Off-topic Gripes" <nanog@merit.edu>
Date: Fri, 31 Dec 2004 15:08:46 -0600
Errors-To: owner-nanog-outgoing@merit.edu
Thus spake "Merike Kaeo" <kaeo@merike.com>
>
> An IPv6 network is sufficiently different from IPv4 that I encourage
> folks to not simply slap an IPv4 security model onto future IPv6
> networks.
The links, routers, switches, applications, admins, and budget are all the
same, and layers 3 and 4 only have marginal differences. If you expect
people to treat IPv6 any differently than IPv4, you'll need to be very
explicit in what the differences are (or can be) and what the benefits are
to throwing out a decade or more of experience and retraining everyone.
S
Stephen Sprunk "Stupid people surround themselves with smart
CCIE #3723 people. Smart people surround themselves with
K5SSS smart people who disagree with them." --Aaron Sorkin
