On Jan 5, 2011, at 9:17 PM, Joe Greco wrote:
It has nothing to do with "security by obscurity". =20 You may wish to re-read what Joe was saying - he was positing sparse = addres=3D sing as a positive good because it will supposedly make it more = difficult f=3D or attackers to locate endpoints in the first place, i.e., security = through=3D obscurity. I think that's an invalid argument. =20 That's not necessarily security through obscurity. A client that just picks a random(*) address in the /64 and sits on it forever could be reasonably argued to be doing a form of security through obscurity. However, that's not the only potential use! A client that initiates each new outbound connection from a different IP address is doing something Really Good. =20 If hosts start cycling their addresses that frequently, don't you run = the risk of that becoming a form of DOS on your router's ND tables?
It could, but given the changes we've seen in the last twenty years, I have no reason to expect that this won't become practical and commonplace in IPv6. I think it is a matter of finding the right enabling technologies, and as others have noted, what currently exists for IPv6 isn't necessarily the best-of-breed. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.