Re: user-relative names - was:[Re: Yahoo and IPv6]
--- joelja@bogus.com wrote:
From: Joel Jaeggli <joelja@bogus.com>
if you put something in the dns you do so because you want to be discovered. scoping the nameservers such that they only express certain resource records to queriers in a particular scope is fairly straightforward.
--------------------------------------------------------
The article was not about DNS. It was about "Persistent Personal Names for Globally Connected Mobile Devices" where "Users normally create personal names by introducing devices locally, on a common WiFi network for example. Once created, these names remain persistently bound to their targets as devices move. Personal names are intended to supplement and not replace global DNS names."
you mean like mac addresses? those have a tendency to follow you around in ipv6...
-----------------------------------------
<disclaimer> Still an IPv6 wussie... :-) </disclaimer>
Only if you design your network that way. EUI-64 isn't required.
scott
On May 17, 2011, at 7:51 PM, Scott Weeks wrote:
--- joelja@bogus.com wrote:
From: Joel Jaeggli <joelja@bogus.com>
if you put something in the dns you do so because you want to be discovered. scoping the nameservers such that they only express certain resource records to queriers in a particular scope is fairly straightforward.
--------------------------------------------------------
The article was not about DNS. It was about "Persistent Personal Names for Globally Connected Mobile Devices" where "Users normally create personal names by introducing devices locally, on a common WiFi network for example. Once created, these names remain persistently bound to their targets as devices move. Personal names are intended to supplement and not replace global DNS names."
you mean like mac addresses? those have a tendency to follow you around in ipv6...
-----------------------------------------
<disclaimer> Still an IPv6 wussie... :-) </disclaimer>
Only if you design your network that way. EUI-64 isn't required.
don't much matter, if you move around you're going to get them a lot.
scott
On Tue, 17 May 2011 20:22:23 PDT, Joel Jaeggli said:
On May 17, 2011, at 7:51 PM, Scott Weeks wrote:
Only if you design your network that way. EUI-64 isn't required.
don't much matter, if you move around you're going to get them a lot.
Of course, if you're moving around and getting EUI-64 addresses via SLAAC, you can almost certainly use RFC4941 privacy addresses (instead of/in addition to) your MAC-address based address. Unless you end up behind a fascist firewall that actually checks that the EUI-64 half of the SLAAC address actually matches your MAC address - but we all know that firewalls are weak at IPv6 support, so probably nobody's actually doing that checking. :)
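The check described in the message above (comparing the EUI-64 half of a SLAAC address with the sender's MAC), as an added example that is not part of the original thread: it derives the modified EUI-64 interface identifier per RFC 4291 Appendix A and reports which MAC, if any, an address reveals. The MAC, the addresses (documentation prefix 2001:db8::/32) and all function names are constructed for illustration.

```python
import ipaddress

FFFE = b"\xff\xfe"  # filler inserted between the two MAC halves

def mac_to_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, App. A)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Invert the universal/local bit, then splice ff:fe into the middle.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + FFFE + raw[3:]

def interface_id(addr: str) -> bytes:
    """Low 64 bits of an IPv6 address."""
    return ipaddress.IPv6Address(addr).packed[8:]

def embedded_mac(addr: str):
    """Return the MAC an EUI-64 style address reveals, or None.

    A random RFC 4941 identifier can contain ff:fe by chance (1 in 65536),
    so a hit is a strong hint, not proof.
    """
    iid = interface_id(addr)
    if iid[3:5] != FFFE:
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def iid_matches_mac(addr: str, mac: str) -> bool:
    """The firewall-style check: does the address's IID derive from this MAC?"""
    return interface_id(addr) == mac_to_iid(mac)

# Constructed samples (documentation prefix 2001:db8::/32, made-up MAC).
SAMPLE_MAC = "00:11:22:33:44:55"
SLAAC_EUI64 = "2001:db8::211:22ff:fe33:4455"
PRIVACY_ADDR = "2001:db8::8d3f:1c2a:7b90:e4a1"

if __name__ == "__main__":
    for addr in (SLAAC_EUI64, PRIVACY_ADDR):
        print(addr, "embedded MAC:", embedded_mac(addr),
              "matches NIC:", iid_matches_mac(addr, SAMPLE_MAC))
```

The same interface identifier appears under every prefix the host visits, which is why the EUI-64 form tracks a device across networks while the privacy address does not.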
On Tue, May 17, 2011 at 9:37 PM, <Valdis.Kletnieks@vt.edu> wrote:
Unless you end up behind a fascist firewall that actually checks that the EUI-64 half of the SLAAC address actually matches your MAC address - but we all know that firewalls are weak at IPv6 support, so probably nobody's actually doing that checking. :)
Never mind you can change your MAC address easily on most networks, since most don't provide any reasonable way of verifying that L2 packets are from where they claim to be.
FWIW, Windows Vista and 7 default to using privacy addresses with SLAAC.
Even without that, today, in the IPv4 NAT world, it's pretty much possible to uniquely identify a user nearly almost all of the time anyhow - at least for web access. This is thanks to browser fingerprinting - see https://panopticlick.eff.org/browser-uniqueness.pdf
There's a lot of FUD about IPv6. Yes, the addresses are longer. But which is easier - remembering all the intermediate layers of network translation (likely two boxes for nearly every residential and small business user) or an IPv6 address that is the same, regardless of whether you are another customer on the same ISP, a public internet user, or an internal corporate user? Never mind what it is like to debug IPSEC/PPTP/L2TP, SIP, or P2P protocols with just one NAT involved. Imagine doing that with two NAT devices (CGN + home NAT). If you haven't had that unfortunate pleasure, then I envy you!
There's also no reason we should have to remember our IPv6 addresses. Seriously. There are about 50 protocols to name things on networks, many of which are scope aware. Among other things, it's why we don't typically have to remember MAC addresses - ARP works and it works well. Just because bad design forced us to remember IPv4 addresses doesn't mean our IPv6 networks should carry over that brokenness.
IPv6 is also already in widespread use (I would guess all 500 of the Fortune 500 have it somewhere on their network, albeit quite likely not intentionally). I use it almost daily for my Apple MobileMe account (albeit typically tunneled over IPv4, all behind-the-scenes). I also use it when I stream music around my house (Bonjour will utilize IPv6, AirTunes typically uses it). Windows admins might be using it too (DirectAccess; MS Remote Assistance if firewalls block connectivity then Windows will set up a direct IPv6 link, tunneling through your firewalls and NAT...). And Grandma very well may be using it today (Windows "Home Groups" use IPv6). I would guess half of the family members of NANOG list subscribers are using IPv6 on a daily basis - TODAY.
The danger is in ignoring what is already on your networks. Sure, you can't get to most websites via IPv6. But it's being used for plenty of useful work today, although mostly as a way around firewalls and as isolated islands (not connected to the global IPv6 network).
participants (4): Joel Jaeggli, Joel Maslak, Scott Weeks, Valdis.Kletnieks@vt.edu