Domain isolation is good up to the point that "Option C style" is needed (for E2E services, without any GW in the middle) Then domain isolation would become not so isolated. It is the rear case now, but Cloud/DC is a good example of when it is better not to have an additional gateway for service stitching. Ed/ -----Original Message----- From: Gert Doering [mailto:g...@space.net] Sent: Thursday, February 24, 2022 9:20 PM To: Vasilenko Eduard <vasilenko.edu...@huawei.com> Cc: Jeroen Massar <jer...@massar.ch>; Gert Doering <g...@space.net>; JORDI PALET MARTINEZ via ipv6-wg <ipv6-wg@ripe.net> Subject: Re: [ipv6-wg] Hijacking unused address space for a private infrastructure - any legal consequences?
Hi, On Thu, Feb 24, 2022 at 06:11:59PM +0000, Vasilenko Eduard via ipv6-wg wrote: > > Eh. So, you might want to consider not deploying insecure technology (SRv6) > > that has very obvious security problems, as has been pointed out on the > > various IETF lists, or misusing address space for something it is not meant > > for. > > The next solution in the same draft > https://datatracker.ietf.org/doc/html/draft-ietf-spring-srv6-srh-compr > ession-00 does not have the same problem. It has just one copy of the > prefix in the destination address. Hence, it could be any length (even bigger > the /64). Much better wrt address consumption, but still SR6 has unsolved security problems. As a consequence, SR6 can only be deployed if your network is fully disconnected from everyone else (including possibly untrusted customers) - and if you have that, it does not really matter what addresses you use. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
