Yes, that is exactly what IPv6 expects of us. The only surprising part is by all indications the IPv6 designers did not think this would be a problem. -----Original Message----- From: William Herrin [mailto:bill@herrin.us] Sent: Monday, March 24, 2014 1:14 PM To: Joe Greco Cc: nanog@nanog.org Subject: Re: misunderstanding scale On Mon, Mar 24, 2014 at 8:31 AM, Joe Greco <jgreco@ns.sol.net> wrote:
all successful security is about _defense in depth_. If it is inaccessible, unrouted, unroutable and unaddressable then you have four layers of security. If it is merely inaccessible and unrouted you have two.
Time to give up two layers of meaningless security for the riches offered by the vastness of the new address space.
Hi Joe, You'd expect folks to give up two layers of security at exactly the same time as they're absorbing a new network protocol with which they're yet unskilled? Does that make sense to you from a risk-management standpoint? -Bill -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004