-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jan 5, 2011 at 10:36 PM, Dobbins, Roland <rdobbins@arbor.net> wrote:

> On Jan 6, 2011, at 1:26 PM, Joe Greco wrote:
>
> > A bunch of very smart people have worked on IPv6 for a very long time, and justification for /64's was hashed out at extended length over the period of years.
>
> Very smart people can and do come up with bad ideas, and IPv6 is a textbook example of this phenomenon, heh. I certainly bear my share of the responsibility for this state of affairs by not getting involved, and leaving the heavy lifting to others.

As someone who has been immersed in security for many years now, and having previously been very intimately involved in the network ops community for equally many years, I have to agree with Roland here.

Just because a lot of smart people have worked on IPv6 for many years does not mean that the security issues have been equally well thought out.

I see this as very similar to all IP technology evolution issues -- none of which ever really focused on the dedicated attacker/criminal using the same technology to attack/defraud/hijack/etc.

This is not meant as a slight to anyone -- just a realization of looking at security from a real-world perspective. It seems to always have to get "bolted on" as an afterthought, instead of baked-in from the beginning.

$.02,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFNJWVcq1pz9mNUZTMRAtimAJ4xWmqbP4Or5KFnonDW8XtOMMvMjgCcCswk
9JDJXNyDgUV4RnZlfDcBges=
=KKZ+
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/