>
> >>> Except there really is no vendor lock anymore. It is
> >>> possible to automate the entire renumbering process. If
> >>> there are spots where it is not automated then they should
> >>> be found and fixed.
> >>>
> >> Oh man, that's rich. Do you actually believe that?
> >>
> >
> > If you design the network for IPv6 and not just copy the
> > IPv4 model. If you use the technology that has been developed
> > over the last 20 years, rather than disabling it, yes it is
> > possible.
> >
> That helps, but understanding of IPv6 and mindshare is even harder than
> forklift upgrades.
I'll agree that it is hard. That's why the clue x 4 keeps having
to be applied.
> And you have to educate everyone who might need to configure an application,
> not just network admins.
The network admins are an early step.
> And if you start
> looking for technology that would let you automate renumbering your
> entire network, you might find that the technology that exists is
> incomplete and unproven.
Which is why I keep saying: run through the renumbering exercise.
Find the problems. Report them to your vendors. Vendors being
proactive would be a big help here.
> I have yet to see a reliable, standard way to
> transmit address-based access-control information to applications, for
> instance. (don't tell them to use DNS, because besides being too
> unreliable to use for this, I am not aware of a DNS record that can
> transmit a list of IP address prefix/netmask pairs to applications,
It exists.
> or of a standard API that would allow applications to find such
> information.
They also exist.
> oh yes, and practical use of DNS security still seems to
> elude us.
It will as long as people don't actually sign their zones.
Have you asked for cs.utk.edu to be signed?
% dig dnskey cs.utk.edu
; <<>> DiG 9.3.4-P1 <<>> dnskey cs.utk.edu
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46982
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;cs.utk.edu. IN DNSKEY
;; AUTHORITY SECTION:
cs.utk.edu. 900 IN SOA dns01.cs.utk.edu. miturria.cs.utk.edu. 2007090900 10800 1800 604800 900
;; Query time: 387 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 14 00:46:21 2007
;; MSG SIZE rcvd: 79
%
> and yeah, we shouldn't be using IP addresses for access
> control - but the general purpose technology to replace that doesn't
> seem to exist yet, so for the time being people are making do with what
> they have.)
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
Ietf mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/ietf
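
Added example, not part of the message above: a shell function that reads `dig dnskey <zone>` output on stdin and reports whether the zone publishes DNSKEY records, which is the check the pasted dig output performs by eye. The function and sample names are hypothetical, the unsigned sample is taken from the output in the message, and the signed sample (including its key data) is constructed.

```shell
#!/bin/sh
# Classify a `dig dnskey <zone>` response read on stdin (added example).
# Output: "no-dnskey", "signed ksk=N zsk=M", "error:<RCODE>" or "unknown".
dnskey_status() {
    awk '
        BEGIN { answers = -1 }
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") answers = $(i + 1) + 0
        }
        # Record lines are the ones that do not start with ";".
        # DNSKEY flags 257 has the SEP bit set (KSK); 256 is a ZSK.
        !/^;/ && $4 == "DNSKEY" { if ($5 == 257) ksk++; else zsk++ }
        END {
            if (status == "") print "unknown"
            else if (status != "NOERROR") print "error:" status
            else if (ksk + zsk > 0) printf "signed ksk=%d zsk=%d\n", ksk, zsk
            else if (answers == 0) print "no-dnskey"   # NODATA: zone is not signed
            else print "unknown"
        }'
}

# Sample 1: the relevant lines of the dig output quoted in the message.
sample_unsigned() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46982
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;cs.utk.edu. IN DNSKEY
cs.utk.edu. 900 IN SOA dns01.cs.utk.edu. miturria.cs.utk.edu. 2007090900 10800 1800 604800 900
EOF
}

# Sample 2: constructed response for a signed zone (placeholder key data).
sample_signed() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
signed.example. 3600 IN DNSKEY 257 3 8 Q09OU1RSVUNURUQ=
signed.example. 3600 IN DNSKEY 256 3 8 Q09OU1RSVUNURUQ=
EOF
}

sample_unsigned | dnskey_status
sample_signed | dnskey_status
```

Against a live zone the same function is fed with `dig dnskey <zone> | dnskey_status`; an `error:SERVFAIL` result from a validating resolver needs separate investigation, since it can indicate a validation failure and not only an unreachable server.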