[ppml] IPv6, Vista, and the Popular Press

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Fri Jun 8 17:41:37 EDT 2007

My reading on this case, and having tested with customers, is that the fault
is not IPv6, but some broken drivers (this case seems a printer driver).

Of course, as you say, inexperienced sysadmins make the wrong testing and
blame IPv6, instead of blaming other things. The issue is that the printer
can stop working by many other reasons not just because IPv6, but is the
easier thing to try/say.

Also the Symantec statement is a long history and seems to me more a fight
with Microsoft than against IPv6, is a pure market thing, they can't sell
good IPv6 firewalls yet, and Microsoft has an embedded one, so blame IPv6
instead of blaming yourself for not getting ready in time.

There has been also a recent discussion in v6ops because someone from
Symantec was raising security concerns about Teredo with a new draft and the
conclusion is that he is trying to defend a product that can't manage IPv6,
but the worst is that in a managed network, you should not use Teredo, but
instead a managed transition mechanism or native IPv6 connectivity itself,
so the broken thing is again the lack of good sysadmins that just try to
make their life easy instead of doing the work they are expected to do, for
example getting ready with IPv6 before it comes.


> De: Leo Bicknell <bicknell at ufp.org>
> Organización: United Federation of Planets
> Responder a: <ppml-bounces at arin.net>
> Fecha: Fri, 8 Jun 2007 16:53:30 -0400
> Para: <ppml at arin.net>
> Asunto: [ppml] IPv6, Vista, and the Popular Press
> http://www.networkworld.com/news/2007/060707-microsoft-vista-ipv6-incompatible
> .html
> I wonder if the author failed math class or is making a commentary
> on RIR IPv6 allocation sizes when she states that "IPv6 supports a
> 128-bit addressing scheme, which lets it support an order-of-magnitude
> more devices that are directly connected to the Internet than its
> predecessor, IPv4."
> However, I want to point out while the board and I think the community
> are pulling hard to get IPv6 deployed, people deploying real systems
> seem to often be going in the other direction.  From page 2:
> ] Murphy says he is recommending that his clients remove IPv6 from their
> ] Vista workstations.
> As if that wasn't bad enough, some quotes from the comments:
> ] So why run both is my question and why does vista install both
> ] automatically? I can see if the IPv4 standard was going away in a year
> ] but it is not so I recommend to remove IPv6.
> However, least I think this is poor reporting of an inexperienced
> sysadmin a mainstream vendor, Symantec has similar advice.  They checked
> out all of Vista's new networking:
> http://www.symantec.com/enterprise/security_response/weblog/2006/07/post.html
> In their report, 
> http://www.symantec.com/avcenter/reference/ATR-VistaAttackSurface.pdf,
> there's a choice quote:
> ] Firewalls and IDSs will have to consider the presense of new Vista
> ] machines on their networks.  If left unhandled and unchecked, IPv6
> ] and it's accompanying transition technologies allow an attacher access
> ] to hosts on private internal networks outside of the preview of the
> ] administrator.  Unwanted access can be prevented by the analysis of
> ] IPv6 protocols in the firewall or IDS or by completely blocking all
> ] IPv6 protocols.
> With the Board's recent step to get the IPv6 word out, is there
> anything else the RIR community can do to head off the advice of
> "just turn it off"?  If sysadmins are deinstalling IPv6 support in
> OS's like Vista then deploying IPv6 is going to be even more
> difficult.
> -- 
>        Leo Bicknell - bicknell at ufp.org - CCIE 3440
>         PGP keys at http://www.ufp.org/~bicknell/
> Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
> _______________________________________________
> This message sent to you through the ARIN Public Policy Mailing List
> (PPML at arin.net).
> Manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/ppml

The IPv6 Portal: http://www.ipv6tf.org

Bye 6Bone. Hi, IPv6 !

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.

More information about the ARIN-PPML mailing list