On 12/7/10 5:18 AM, david raistrick wrote: > On Mon, 6 Dec 2010, Owen DeLong wrote: > >> Seriously, though, you're welcome to use fd00::/8 for exactly that >> purpose. The problem is that you (and hopefully it stays this way) >> won't have much luck finding a vendor that will provide the NAT for >> you to do it with. > > [with my flame-retardant hat installed firmly] > > So what's the IPV6 solution for PCI compliance, where 1.3.8 requires the > use of RFC1918 space? Admitedly, it's been a year or two since I last > had to engineer around that particular set of rules...but it's life or > death for a lot of folks.
Document a compensating control... That particular case is trivial to demonstrate that the in scope addresses are not exposed to the internet. > > > -- > david raistrick http://www.netmeister.org/news/learn2quote.html > [email protected] http://www.expita.com/nomime.html > >
