On Aug 23, 2010, at 2:53 PM, Manfredi, Albert E wrote: > Jared Mauch: > >> The biggest feedback I hear from people about IPv6 (besides the extra >> bits for addressses) is "Security", but they generally don't know what >> that is outside marketing speak. > > +1, in spades. Nor do these folk seem to appreciate that it's not the network > that bears the greatest burden in providing that security. It is the clients.
They also don't get that it doesn't buy you anything if you don't use it, or that it is generally available on IPv4 systems as well. Do a packet capture on your favorite LAN and measure the percentage of IPsec-protected traffic. Then ask yourself how many of those systems in fact implement IPsec code. It's largely about the distribution of certificates and "turning it on". > And that this is also true with IPv4. You don't get security if only the > network is secure. Conversely, you can get security if the network is not > secure. > > The /64 limitation only applies for SLAAC. Seems to me that there are many > service providers with examples of links where SLAAC isn't applicable. I > don't see why models that work with IPv4, like CIDR, must be rejected out of > hand. Making IPv6 "less different" from IPv4 can only help its > implementation, IMO. > > And too, good IPv6 ideas, like multiple addresses per client, also create new > problems and new mechanisms for non-reachability, which are still having to > be solved. > > Bert > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
