[arin-ppml] IPv4 Depletion as an ARIN policy concern
Michael K. Smith - Adhost
mksmith at adhost.com
Wed Oct 28 17:02:14 EDT 2009
It appears that you have to become a participating organization for
$2500.00 per year.
Regards,
Mike
--
Michael K. Smith - CISSP, GISP
Chief Technical Officer - Adhost Internet LLC mksmith at adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)
> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net]
On
> Behalf Of Scott Leibrand
> Sent: Wednesday, October 28, 2009 1:56 PM
> To: Rodgers Moore
> Cc: arin-ppml at arin.net
> Subject: Re: [arin-ppml] IPv4 Depletion as an ARIN policy concern
>
> Does anyone know what the mechanism is for getting the next version of
> PCI-DSS updated to translate that requirement into something that
> covers
> IPv6? Their concern is reasonable, and we should probably be engaging
> in a conversation with the PCI Security Standards Council and working
> with them to address those concerns as networks move to IPv6.
>
> Unless someone here is involved in that process, it sounds like an
> opportunity for ARIN to do some additional outreach (if they're not
> already)...
>
> -Scott
>
> Rodgers Moore wrote:
> > Only because I can chime in... Any system that uses IPv6 will not
be
> PCI-DSS compliant.
> >
> > PCI-DSS v1.2 Requirement 1.3.8 - "Implement IP masquerading to
> prevent internal addresses from being translated and revealed on the
> Internet, using RFC 1918 address space. Use network address
translation
> (NAT) technologies-for example, port address translation (PAT)."
> >
> > It matters not how much B.S. this is, only that being non-compliant
> (as per the technically challenged auditor determines) allows Visa,
> MasterCard, Discover, and Amex to fine the *&^$# out of you and/or
> revoke your organization's ability to transact credit cards.
> >
> > Sorry, I couldn't help but bring a new twist to the conversation.
> Or, uh, throw gas on the fire.
> >
> > Rodgers Moore, CCIE# 8153
> > CSO
> > Fortress Network Security
> > 2500 Technology Dr
> > Louisville KY 40299
> >
> >
> > -----Original Message-----
> > From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net]
> On Behalf Of Chris Engel
> > Sent: Wednesday, October 28, 2009 4:06 PM
> > To: 'Paul G. Timmins'; Joe Maimon; Chris Grundemann
> > Cc: arin-ppml at arin.net
> > Subject: Re: [arin-ppml] IPv4 Depletion as an ARIN policy concern
> >
> > Paul,
> >
> >
> > Respectfully, that is because for the vast majority of
Network/System
> Admins IPv6 and the details of it's implementation are barely a blip
on
> the radar screen....if that.
> >
> > I can attest that NAT is a tool which see's extensive use among said
> Admins...and NOT simply because one cannot obtain enough public IP
> addresses. As I believe I have illustrated...it has a variety of
useful
> functionality for us. I can assure you that if something in IPv6 does
> not offer the equivalent functionality to that which NAT currently
> provides for IPV4 and in a similarly convenient manner.....you are
> going to hear a VERY loud wailing and gnashing of teeth from this
> population.
> >
> > I'm sure that is a sound that will resonate with equipment vendors.
> However without some confidence that some sort of NAT66 solution will
> be provided (or nearly identical functionality can be
> achieved).....your going to see alot of resistance in this population
> to IPv6 adoption.
> >
> > If you want people to actually be SUPPORTIVE of that adoption rather
> then RESISTANT then you have to provide some assurance that the tools
> they are used to working with to solve real problems will be available
> in some form.....or at the very least a substitute that achieves
> equivalent functionality and is easily translatable.
> >
> >
> >
> >
> >
> >
> > "Taking this to its logical conclusion, it's not necessary for
> community consensus to implement NAT66. If people demand it, and
> equipment vendors want to implement it, they will, and then will
> standardize it after the fact, much like many other current standards
> have been done.
> >
> > The fact that no such standard exists and no platform I'm aware of
> implements NAT66 is pretty telling in and of itself.
> >
> > -Paul"
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
> >
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
More information about the ARIN-PPML
mailing list