Tim, On Mar 9, 2022, at 9:09 AM, Tim Howe <tim.h@bendtel.com> wrote:
Some of our biggest vendors who have supposedly supported v6 for over a decade have rudimentary, show-stopping bugs.
Not disagreeing (and not picking on you), but despite hearing this with some frequency, I haven’t seen much data to corroborate these sorts of statements.
A subset of these vendors will listen to you and fix the problems. Give them your support and loyalty. I want to name names so bad…
Perhaps the right approach would be similar for network operators to move to a timed full disclosure model (like Google’s Project Zero for security issues)? In the software security world, this model seems to have had a positive impact in getting fixes out. If a vendor who claims v6 support doesn’t actually support v6 (or, if a vendor fixes a known lack of v6 support), it would seem to me that this is information that folks on NANOG (and elsewhere) would find useful. Regards, -drc