[81863] in North American Network Operators' Group
Re: OMB: IPv6 by June 2008
daemon@ATHENA.MIT.EDU (David Meyer)
Fri Jul 1 11:30:28 2005
Date: Fri, 1 Jul 2005 08:29:46 -0700
From: David Meyer <dmm@1-4-5.net>
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Cc: Mohacsi Janos <mohacsi@niif.hu>,
"Fergie (Paul Ferguson)" <fergdawg@netzero.net>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0507011451070.7139@parapet.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu
--+QahgC5+KEYLbs62
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Jul 01, 2005 at 02:54:30PM +0000, Christopher L. Morrow wrote:
>=20
>=20
> On Fri, 1 Jul 2005, Mohacsi Janos wrote:
> > >
> > > This keeps coming up in each discussion about v6, 'what security meas=
ures'
> > > is never really defined in any real sense. As near as I can tell it's
> > > level of 'security' is no better (and probably worse at the outset, f=
or
> > > the implementations not the protocol itself) than v4. I could be wro=
ng,
> > > but I'm just not seeing any 'inherent security' in v6, and selling it=
that
> > > way is just a bad plan.
> > >
> >
> > Just name a few:
> > - Possibility to end-to-end IPSec.
>=20
> exists in v4
>=20
> > - Not feasible scanning of subnets remotely
>=20
> eh... maybe, I'm not convinced this matters anyway.
>=20
> > - Privacy enhanced addresses - not tracking usage based on addresses
>=20
> dhcp can do this for you (v4 has mechanisms for this)
>=20
> > - Better ingress filtering
> >
>=20
> right... because gear that filters so well in v4-land will filter so much
> better in v6-land? you =3D=3D crazy.
>=20
>=20
> All those objections aside, I'd love to see v6 more fully deployed. I'm
> not sure I see how it's going to get beyond 'research' or 'play' land,
> except for some small cases, for quite some time. It's interesting that
> the flood gates on ip space are openning at IANA though, that should
> hasten the v6 takeup/deployment :)
Perhaps paraphrasing what Chris just said: At the end of
the day, it is very difficult to make the case that IPv6
offers anything that IPv4 doesn't other than a larger
address space. =20
Dave
--+QahgC5+KEYLbs62
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCxWFqORgD1qCZ2KcRAuMxAJ49XNYGdo5unYqUv9xPZeS1ftQRAwCdHLVH
LxRjMrk9q8juKhGi4h/SDyM=
=m7CC
-----END PGP SIGNATURE-----
--+QahgC5+KEYLbs62--
