[arin-ppml] The role of NAT in IPv6
Owen DeLong
owen at delong.com
Mon Apr 19 09:25:38 EDT 2010
On Apr 19, 2010, at 6:00 AM, Jeff Aitken wrote:
> On Fri, Apr 16, 2010 at 02:06:53AM -0500, David Farmer wrote:
>> https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
>>
>> [...] yes it does say NAT.
>
> David,
>
> The PCI DSS references both NAT and RFC1918, which is obviously specific to
> IPv4. Do you know what requirements are coming re: IPv6? Looks like the
> PCI folks are in the middle of the 24-month review process for v1.2. If
> "the industry" feels that there should be more than one acceptable
> configuration, then perhaps "we" should find a way to work with the PCI
> folks to eliminate the need to handle that via the compensating controls
> exercise. E.g., 1.3.8 could be amended to state that internal addresses
> must be unrouteable, but not explicitly reference RFC1918 (or RFC4193, in a
> v6 context). This seems like a good example of "education and outreach"
> that benefits the membership.
>
A better phrase would be "unreachable" rather than "unroutable".
I agree.
> Note that I am blissfully ignorant of any potential political or religious
> implications here. If this idea is stupid or otherwise impractical, or if
> we've BTDT already, then I apologize for the noise. :-)
>
Nope, I think it's right on track.
Owen