[ppml] IPv6 addresses really are scarce after all

Stephen Sprunk stephen at sprunk.org
Mon Aug 27 17:08:14 EDT 2007

Thus spake <michael.dillon at bt.com>
> In my experience Ethernet bridges and switches are not
> designed with security as a goal. When they fail to transmit
> all incoming frames on all interfaces, it is to prevent segment
> overload or broadcast storms. There are many cases where
> people have found ways, sometimes quite simple ways, to
> receive Ethernet frames that are not addressed to them.
> Given this backdrop, I am suggesting that a homeowner
> may have several reasons for inserting routers (and router /
> firewalls) into their home network, thus requiring the ability
> to have multiple /64 IPv6 subnets. Architecture aside, this
> is a pragmatic response to an information security issue.

Basically, because some people are too dense to use IPsec or SSL for traffic 
they don't want observed, you want to greatly complicate the average home 
network's design?  That they should be more scared of, say, their spouse 
sniffing their credit card numbers at home than the NSA and FBI tapping 
their email and web browsing at the CO?

Sorry, but that's the wrong response to the wrong problem.


Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking 

More information about the ARIN-PPML mailing list