The author of the TechWeb article wrote those words extolling "improved security measures", not me, dude. :-) I stated explicitly that all of the "new features" lauded by v6 proponents have effectively been retro-fitted to v4, thereby negating almost every v6 migration argument, with the exception of a larger host address pool. Equally dumbfounded in v4-land, - ferg -- "Christopher L. Morrow" <christopher.morrow@mci.com> wrote:
over the current IPv4 technology. Among the additional advantages of IPv6 are improved security measures and additional links for wireless devices.
which 'security measures' are included in ipv6? which additional links for wireless devices? This keeps coming up in each discussion about v6, 'what security measures' is never really defined in any real sense. As near as I can tell it's level of 'security' is no better (and probably worse at the outset, for the implementations not the protocol itself) than v4. I could be wrong, but I'm just not seeing any 'inherent security' in v6, and selling it that way is just a bad plan. -dazed and confused in ipv4-land. -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/
On Thu, 30 Jun 2005, Fergie (Paul Ferguson) wrote:
The author of the TechWeb article wrote those words extolling "improved security measures", not me, dude. :-)
the soap comment was aimed at you for the tom davis 'support' :) I understood you didn't write the other parts.
I stated explicitly that all of the "new features" lauded by v6 proponents have effectively been retro-fitted to v4, thereby negating almost every v6 migration argument, with the exception of a larger host address pool.
Yup, the retrofit has made all arguements (except: "Hey, look, my network is cooler than yours! it's newer!", and 'more space to ruin^H^H^H^Huse')
Equally dumbfounded in v4-land,
- ferg
-- "Christopher L. Morrow" <christopher.morrow@mci.com> wrote:
over the current IPv4 technology. Among the additional advantages of IPv6 are improved security measures and additional links for wireless devices.
which 'security measures' are included in ipv6? which additional links for wireless devices?
This keeps coming up in each discussion about v6, 'what security measures' is never really defined in any real sense. As near as I can tell it's level of 'security' is no better (and probably worse at the outset, for the implementations not the protocol itself) than v4. I could be wrong, but I'm just not seeing any 'inherent security' in v6, and selling it that way is just a bad plan.
-dazed and confused in ipv4-land.
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/
We could have been much better served adding 3-bits at the beginning. Effectively giving a full IP v4 space to every continent (even Antartica) and having an extra one for the extra-terrestrial working group. ;) And it would have given us real geographic-based filtering capabilities at the same time without any major changes to everything we have worked so hard to get to the level of insanity where we are today. *shrug* Simple things often get overlooked. Notice though that the deadline in the US terms is squarely inside the "next guy's term". ;) Things that make you go "Hmmmmmmm..." Scott -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Fergie (Paul Ferguson) Sent: Thursday, June 30, 2005 4:37 PM To: christopher.morrow@mci.com Cc: nanog@merit.edu Subject: Re: OMB: IPv6 by June 2008 The author of the TechWeb article wrote those words extolling "improved security measures", not me, dude. :-) I stated explicitly that all of the "new features" lauded by v6 proponents have effectively been retro-fitted to v4, thereby negating almost every v6 migration argument, with the exception of a larger host address pool. Equally dumbfounded in v4-land, - ferg -- "Christopher L. Morrow" <christopher.morrow@mci.com> wrote:
over the current IPv4 technology. Among the additional advantages of IPv6 are improved security measures and additional links for wireless devices.
which 'security measures' are included in ipv6? which additional links for wireless devices? This keeps coming up in each discussion about v6, 'what security measures' is never really defined in any real sense. As near as I can tell it's level of 'security' is no better (and probably worse at the outset, for the implementations not the protocol itself) than v4. I could be wrong, but I'm just not seeing any 'inherent security' in v6, and selling it that way is just a bad plan. -dazed and confused in ipv4-land. -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/
Scott Morris wrote:
We could have been much better served adding 3-bits at the beginning. Effectively giving a full IP v4 space to every continent (even Antartica) and having an extra one for the extra-terrestrial working group. ;)
And it would have given us real geographic-based filtering capabilities at the same time without any major changes to everything we have worked so hard to get to the level of insanity where we are today.
*shrug* Simple things often get overlooked.
bzzzt... You just described a rule #1 violation; IP addresses are routable entities and thus by definition unsuitable for any kind of geo-location. Rule #2 would be that IP addresses do (and must) not encode routing information, they just serve to transport data. All routing information is carried on the routing layer and applied to the forwarding layer from there. When do people learn that these layers do not intermix just like water and oil do not? I guess the only lession history teaches us is that it doesn't. -- Andre
Heheheh... But see, wasn't that one of the whole theories behind the "aggregation" schemes built into the allocation of IPv6 address? Come now... Because we have deployed it today in a manner where that's not possible doesn't make it a "rule" per se. Is this theory any different that simply filtering the multiple allocations denoted as RIPE or APNIC allocated IPv6 chunks? I'd think not. *shrug* You're reading way too many politics into this, but not seeing the designs of IPv6 in the same light. SSDP. (Same .... Different Protocol) Scott -----Original Message----- From: Andre Oppermann [mailto:nanog-list@nrg4u.com] Sent: Thursday, June 30, 2005 5:27 PM To: swm@emanon.com Cc: 'Fergie (Paul Ferguson)'; christopher.morrow@mci.com; nanog@merit.edu Subject: Re: OMB: IPv6 by June 2008 Scott Morris wrote:
We could have been much better served adding 3-bits at the beginning. Effectively giving a full IP v4 space to every continent (even Antartica) and having an extra one for the extra-terrestrial working group. ;)
And it would have given us real geographic-based filtering capabilities at the same time without any major changes to everything we have worked so hard to get to the level of insanity where we are today.
*shrug* Simple things often get overlooked.
bzzzt... You just described a rule #1 violation; IP addresses are routable entities and thus by definition unsuitable for any kind of geo-location. Rule #2 would be that IP addresses do (and must) not encode routing information, they just serve to transport data. All routing information is carried on the routing layer and applied to the forwarding layer from there. When do people learn that these layers do not intermix just like water and oil do not? I guess the only lession history teaches us is that it doesn't. -- Andre
Heheheh... But see, wasn't that one of the whole theories behind the "aggregation" schemes built into the allocation of IPv6 address? Come now...
Because we have deployed it today in a manner where that's not possible doesn't make it a "rule" per se.
nope. you're absolutely right. we just need the telcos to de-aggregate country, area, and prefix codes, and we can model after that. and pigs do fly (rfc 1925 2.3). randy
participants (5)
-
Andre Oppermann
-
Christopher L. Morrow
-
Fergie (Paul Ferguson)
-
Randy Bush
-
Scott Morris