[arin-ppml] IPv4 Depletion as an ARIN policy concern
Rodgers Moore
RMoore at fnsky.com
Wed Oct 28 16:37:31 EDT 2009
Only because I can chime in... Any system that uses IPv6 will not be PCI-DSS compliant.
PCI-DSS v1.2 Requirement 1.3.8 - "Implement IP masquerading to prevent internal addresses from being translated and revealed on the Internet, using RFC 1918 address space. Use network address translation (NAT) technologies-for example, port address translation (PAT)."
It matters not how much B.S. this is, only that being non-compliant (as the technically challenged auditor determines) allows Visa, MasterCard, Discover, and Amex to fine the *&^$# out of you and/or revoke your organization's ability to transact credit cards.
Sorry, I couldn't help but bring a new twist to the conversation. Or, uh, throw gas on the fire.
Rodgers Moore, CCIE# 8153
CSO
Fortress Network Security
2500 Technology Dr
Louisville KY 40299
-----Original Message-----
From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On Behalf Of Chris Engel
Sent: Wednesday, October 28, 2009 4:06 PM
To: 'Paul G. Timmins'; Joe Maimon; Chris Grundemann
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] IPv4 Depletion as an ARIN policy concern
Paul,
Respectfully, that is because for the vast majority of Network/System Admins IPv6 and the details of its implementation are barely a blip on the radar screen... if that.
I can attest that NAT is a tool which sees extensive use among said Admins... and NOT simply because one cannot obtain enough public IP addresses. As I believe I have illustrated... it has a variety of useful functionality for us. I can assure you that if something in IPv6 does not offer the equivalent functionality to that which NAT currently provides for IPv4 and in a similarly convenient manner... you are going to hear a VERY loud wailing and gnashing of teeth from this population.
I'm sure that is a sound that will resonate with equipment vendors. However, without some confidence that some sort of NAT66 solution will be provided (or nearly identical functionality can be achieved)... you're going to see a lot of resistance in this population to IPv6 adoption.
If you want people to actually be SUPPORTIVE of that adoption rather than RESISTANT then you have to provide some assurance that the tools they are used to working with to solve real problems will be available in some form... or at the very least a substitute that achieves equivalent functionality and is easily translatable.
"Taking this to its logical conclusion, it's not necessary for community consensus to implement NAT66. If people demand it, and equipment vendors want to implement it, they will, and then will standardize it after the fact, much like many other current standards have been done.
The fact that no such standard exists and no platform I'm aware of implements NAT66 is pretty telling in and of itself.
-Paul"