On Fri, Jul 01, 2005 at 02:54:30PM +0000, Christopher L. Morrow wrote: > > > On Fri, 1 Jul 2005, Mohacsi Janos wrote: > > > > > > This keeps coming up in each discussion about v6, 'what security measures' > > > is never really defined in any real sense. As near as I can tell it's > > > level of 'security' is no better (and probably worse at the outset, for > > > the implementations not the protocol itself) than v4. I could be wrong, > > > but I'm just not seeing any 'inherent security' in v6, and selling it that > > > way is just a bad plan. > > > > > > > Just name a few: > > - Possibility to end-to-end IPSec. > > exists in v4 > > > - Not feasible scanning of subnets remotely > > eh... maybe, I'm not convinced this matters anyway. > > > - Privacy enhanced addresses - not tracking usage based on addresses > > dhcp can do this for you (v4 has mechanisms for this) > > > - Better ingress filtering > > > > right... because gear that filters so well in v4-land will filter so much > better in v6-land? you == crazy. > > > All those objections aside, I'd love to see v6 more fully deployed. I'm > not sure I see how it's going to get beyond 'research' or 'play' land, > except for some small cases, for quite some time. It's interesting that > the flood gates on ip space are openning at IANA though, that should > hasten the v6 takeup/deployment :)
Perhaps paraphrasing what Chris just said: At the end of the day, it is very difficult to make the case that IPv6 offers anything that IPv4 doesn't other than a larger address space. Dave
pgpiadOa4oEze.pgp
Description: PGP signature