[arin-ppml] The role of NAT in IPv6

Owen DeLong owen at delong.com
Mon Apr 19 09:25:38 EDT 2010

On Apr 19, 2010, at 6:00 AM, Jeff Aitken wrote:

> On Fri, Apr 16, 2010 at 02:06:53AM -0500, David Farmer wrote:
>> https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
>> [...] yes it does say NAT.
> David,
> The PCI DSS references both NAT and RFC1918, which is obviously specific to
> IPv4.  Do you know what requirements are coming re: IPv6?  Looks like the
> PCI folks are in the middle of the 24-month review process for v1.2.  If
> "the industry" feels that there should be more than one acceptable
> configuration, then perhaps "we" should find a way to work with the PCI
> folks to eliminate the need to handle that via the compensating controls
> exercise.  E.g., 1.3.8 could be amended to state that internal addresses
> must be unrouteable, but not explicitly reference RFC1918 (or RFC4193, in a
> v6 context).  This seems like a good example of "education and outreach"
> that benefits the membership.
A better phrase would be "unreachable" rather than "unroutable".

I agree.

> Note that I am blissfully ignorant of any potential political or religious 
> implications here.  If this idea is stupid or otherwise impractical, or if
> we've BTDT already, then I apologize for the noise. :-)
Nope, I think it's right on track.


More information about the ARIN-PPML mailing list