[arin-ppml] The role of NAT in IPv6

Jeff Aitken jaitken at aitken.com
Mon Apr 19 09:00:17 EDT 2010

On Fri, Apr 16, 2010 at 02:06:53AM -0500, David Farmer wrote:
> https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
> [...] yes it does say NAT.


The PCI DSS references both NAT and RFC1918, which is obviously specific to
IPv4.  Do you know what requirements are coming re: IPv6?  Looks like the
PCI folks are in the middle of the 24-month review process for v1.2.  If
"the industry" feels that there should be more than one acceptable
configuration, then perhaps "we" should find a way to work with the PCI
folks to eliminate the need to handle that via the compensating controls
exercise.  E.g., 1.3.8 could be amended to state that internal addresses
must be unrouteable, but not explicitly reference RFC1918 (or RFC4193, in a
v6 context).  This seems like a good example of "education and outreach"
that benefits the membership.

Note that I am blissfully ignorant of any potential political or religious 
implications here.  If this idea is stupid or otherwise impractical, or if
we've BTDT already, then I apologize for the noise. :-)


More information about the ARIN-PPML mailing list