18 Apr 2014, 10:16 p.m.
On Fri, Apr 18, 2014 at 10:04:35PM -0400, Jeff Kell wrote:
As to address the other argument in this thread on NAT / private addressing, PCI requirement 1.3.8 pretty much requires RFC1918 addressing of the computers in scope... has anyone hinted at PCI for IPv6?
1.3.8 lists use of RFC1918 address space as one of four possible implementations, immediately after the phrase "may include, but are not limited to". I don't interpret that as "pretty much requires RFC1918".

Now, if you'd like to claim that 1.3.8 is completely useless, I won't argue with you -- it's security-by-obscurity of the worst possible form. But don't blame PCI compliance for any inability to deploy IPv6, because it just ain't true.

- Matt