> consider an ipv6-reachable light switch in my house.  does 
> anyone still think that it can have "end to end" 
> connectivity, so that if i want to monitor it or control it 
> while on vacation, i'll send IPSEC-signed datagrams from my 
> hotel room to do so?  that i'll subject it to every DDoS 
> attack, stack smash attack, IPSEC key guessing attack, plus 
> any other attacks i can't think of or which haven't been 
> invented yet?  or do we think that it'll sit in fe80:: and be 
> talked to only by some local (hardened) proxy?  or that at 
> best it'll have a ULA-G address, reachable by my household 
> security company's local embedded network but no further?

This isn't the use-case that matters because, as you pointed out,
light-switches are likely to be hidden behind a master-controller of
some sort. The important use-case is devices which need to behave like a
telephone set, i.e. raise an alarm when there is an incoming connection
attempt and establish a connection upon request of the local user or
some device that proxies for the local user. Of course this
telephone-set device may be an actual VoIP telephone with attached
answering machine. Or it could be something entirely different such as a
medical monitoring device, a home security device which is polled at
random intervals, or a blackberry-like device, etc. etc.

> on the other hand, i like where you went with this, so i'll 
> quote it all in hopes that those who didn't read it the first 
> time will read it now:
> 
> > On the other hand, PA is a form of "lock-in". Renumbering is painful,
> > if the scope of the renumbering is large.
> >
> > If a PA assignment is directly to an "end user", e.g. an enterprise,
> > this in theory isn't likely to be a large scope, or is at least manageable.
> >
> > It is when the PA assignments are further subassigned, that the scope
> > becomes a significant issue, and the pain (of renumbering) grows.
> 
> yea, verily.  tell it, brother!

Agreed. This is a problem that still needs to be addressed by the IETF.
In IPv4 the excuse was that the number space was limited. But in IPv6 we
no longer need to impose one model on everyone. I'm working on a draft
that presents one possibility.

--Michael Dillon

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
