[arin-ppml] IPV4 allocations

[Michael K. Smith]

On 1/3/09 7:49 PM, "Randy Bush" <randy at psg.com> wrote:

> On 09.01.04 12:30, McNutt, Justin M. wrote:
>> Our "look way ahead into the future" IT people are thinking about taking
>> it even further.  They predict a day when we'll throw away the firewalls
>> for the same reason we threw away NAT:  They break two-way applications.
> 
> a laudable view.  we try to follow that in our little universe.  but we
> don't have many end users.
> 
>> I was dismayed to find out that NAT is still possible in IPv6, though
>> pleased that it breaks enough things that it will, perhaps, be deemed
>> unusable enough that it is never widely used.
> 
> we wish.  at the november ietf, v6/v6 nat was discussed in two ways:
> 
>    o it is inevitable so 'we' should do it so it is done right.  i
>      read this as "someone is going to load ms greenberg on the
>      cattle car, so it might as well be we."
> 
>    o and than an over the top science fiction massive koolaid attack
>      from fred that needs to be read/seen to be believed.  i am not
>      sure if it is archived somewhere in some fashion.
> 
If IPv6 is going to pass through the present litany of compliance bodies
then Firewalls and NAT are here to stay.  PCI requires both, HIPAA doesn't
specifically, but there's no other way to meet the privacy requirements
without them and now Microsoft's new PII standard has similar wording to
PCI.

The requirements for security were developed because of known issues as
mentioned and, since none of the RFC's seem to say "IPv6 will make up for
bad coding, bad applications, networks and systems installed and maintained
by "bob the computer guy" then IPv6 better be able to do everything IPv4
does when it comes to established security criteria.

The real world can be a drag.

Mike