[ppml] IPv6 flawed?

mcr at xdsinc.net mcr at xdsinc.net
Fri Sep 14 10:53:44 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "William" == William Herrin <arin-contact at dirtside.com> writes:
    William> The problem is that:

    William> 1. That's only close to true if you use stateless autoconfiguration
    William> which suffers from such a severe security issue that it might well
    William> drop out of use.

  shim6 doesn't depend upon using stateless autoconfiguration.
  You can use whatever other method you like, including dhcpv6.
(I have written a document on securing dhcp(v4) with RSA keys, but never
implemented it, as yet)

    William> 2. Its not actually true even if you do use stateless
    William> autoconfiguration because you have to talk to other hosts on your
    William> interior network via their full IP addresses, not via just the however
    William> many bits that haven't changed. There's much more to communication
    William> than a host's own IP address.

  This is why you need a "site" (not-local) prefix which is always available.

    William> Standard or no standard, someone is going to build it, someone is
    William> going to sell it and when folks start buying it everybody else is
    William> going to follow.

  okay. but why bother? v4+NAT does everything that v6+NAT does.

- -- 
Michael Richardson <mcr at xdsinc.net>
XDS Inc, Ottawa, ON             
Personal: http://www.sandelman.ca/mcr/ 


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQDVAwUBRuqgdu0sRu40D6vCAQI7kwX/XNGBhC/xRwUrAMZtXVsLvnB8NkWug7iD
9jtZUGQQo397tC6L2OdYu8UxpfleazVGnSjzEFagUiQ08irfl0IkkqlMJMK75ZGn
X+gRKrAsL7XNXZCuTugGSgWNBcc3Ik0TUQstjROenPRFccIqpt+lOhZmPYTfltPw
I65AcnLZxqoJv4x+CShwLpAVebQ8/Hy51tAHNAsn0OTkmW2pioUhLO+AuhF/tU1c
Wqa1jQH49s37xlsi/M5hamzOr7CZLNYk
=z88F
-----END PGP SIGNATURE-----



More information about the ARIN-PPML mailing list