On Mon, Jul 04, 2016 at 06:41:00PM +0900, Masataka Ohta wrote:
Jared Mauch wrote:
Actually they are not that great. Look at the DDoS mess that UPnP has created and problems for IoT (I call it Internet of trash, as most devices are poorly implemented without safety in mind) folks on all sides.
Are you saying, without NAT or something like that to restrict reachable ports, the Internet, regardless of whether it is with IPv4 or IPv6, is not very secure?
I'm saying two things:

1) UPnP is a security nightmare and nobody (at scale) will let you register ports with their CGN/edge.

2) We are an industry in transition. Internet connectivity will soon be defined by v6 + v4, not v4 + sometimes v6.

There are challenges still, AWS, UBNT UniFi and things like the CableWifi/xfinitywifi don't do V6 currently. I've heard most of these are coming.

There are still a lot of self-proclaimed "IT Experts" that say stuff like "why use DNS", or the well meaning "Cybermoon CEO Amitay Dan" who says you should use an IP address to manage your home router. Of course when people see that, I'm sure they all are thinking IPv4 vs using a .local domain name.

Much of this is because we're technical people and most users are non-technical, they just want their stuff(tm) to work. We must make it seamless, and this will mean providing them a method to have their technology work.

Take how most people copy files between devices today. I may go and SFTP or SCP files around, know the paths, set my prompt but others? USB or a service like Dropbox.

It's about the technology as a tool. If you fail to see IPv6 as part of that tool to fix things and think that everyone will do the right thing, you will face hurdles.

Our services need to work for the broadest set of users. Many people are now used to the non-e2e results of a NAT/CGN environment. They work around it with other solutions.

Soon? IPv4AAS will be abundant to bridge those who lack full internet access.

- Jared

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.