Re: Requirements for IPv6 Firewalls

2014-04-18 Thread Timothy Morizot
On Apr 18, 2014 10:04 AM, William Herrin b...@herrin.us wrote: That's correct: you don't understand. Until you do, just accept: there are more than a few folks who want to, intend to and will use NAT for IPv6. They will wait until NAT is available in their preferred products before making any

Re: Requirements for IPv6 Firewalls

2014-04-17 Thread Timothy Morizot
On Apr 17, 2014 3:07 PM, valdis.kletni...@vt.edu wrote: On Thu, 17 Apr 2014 14:50:01 -0400, William Herrin said: To vendors who would sell me product, I would respectfully suggest that attempts to forcefully educate me as to what I *should want* offers neither a short nor particularly

Re: Requirements for IPv6 Firewalls

2014-04-17 Thread Timothy Morizot
On Apr 17, 2014 7:52 PM, Matthew Kaufman matt...@matthew.at wrote: While you're at it, the document can explain to admins who have been burned, often more than once, by the pain of re-numbering internal services at static addresses how IPv6 without NAT will magically solve this problem. If

Re: Why IPv6 isn't ready for prime time :-)

2014-03-28 Thread Timothy Morizot
On Mar 27, 2014 8:01 PM, Tim Durack tdur...@gmail.com wrote: NANOG arguments on IPv6 SMTP spam filtering. Deutsche Telecom discusses IPv4-IPv6 migration: https://ripe67.ripe.net/presentations/131-ripe2-2.pdf Facebook goes public with their IPv4-IPv6 migration:

Re: Why IPv6 isn't ready for prime time :-)

2014-03-28 Thread Timothy Morizot
Hmmm. Phone accidentally sent email before it was finished. Indeed. Having been deeply involved leading the technical side of our transition at my organization for the past three years, I think those who wait until the IPv6/IPv4 divide is roughly 50/50 or later are going to be in for a world of

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-26 Thread Timothy Morizot
On Mar 26, 2014 6:27 PM, Luke S. Crawford l...@prgmr.com wrote: My original comment and complaint, though, was in response to the assertion that DHCPv6 is as robust as DHCPv4. My point is that DHCPv6 does not fill the role that DHCPv4 fills, if you care about tying an IP to a MAC and you want

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-24 Thread Timothy Morizot
On Mon, Mar 24, 2014 at 1:51 AM, Mark Tinka mark.ti...@seacom.mu wrote: On Monday, March 24, 2014 01:37:52 AM Timothy Morizot wrote: Yes. As I said, same general sorts of risks for the most part as in IPv4. Details differ, but same general types. My point was that it's mostly FUD to wave

Re: misunderstanding scale

2014-03-24 Thread Timothy Morizot
On Mon, Mar 24, 2014 at 1:38 AM, Mark Tinka mark.ti...@seacom.mu wrote: On Sunday, March 23, 2014 09:35:31 PM Denis Fondras wrote: When speaking of IPv6 deployment, I routinely hear about host security. I feel like it should be stated that this is *in no way* an IPv6 issue. May the device

Re: Ipv4 end, its fake.

2014-03-24 Thread Timothy Morizot
On Mon, Mar 24, 2014 at 6:56 AM, Saku Ytti s...@ytti.fi wrote: On (2014-03-24 07:46 -0400), Brandon Ross wrote: Maybe he does not suspect enough clueless people exist to pay that premium? Starting LIR + company, costs about 4000EUR, this gives you /22 for LIR, putting IPv4 address price at

Re: misunderstanding scale

2014-03-24 Thread Timothy Morizot
On Mon, Mar 24, 2014 at 11:36 AM, Alexander Lopez alex.lo...@opsys.com wrote: not to mention the cost in readdressing your entire network when you change an upstream provider. Nat was a fix to a problem of lack of addresses, however, the use of private address space 10/8, 192.168/16 has

Re: misunderstanding scale

2014-03-24 Thread Timothy Morizot
On Mon, Mar 24, 2014 at 8:25 AM, Joe Greco jgr...@ns.sol.net wrote: Bill Herrin wrote: I say this with the utmost respect, but you must understand the principle of defense in depth in order to make competent security decisions for your organization. Smart people disagree on the details

Re: misunderstanding scale

2014-03-24 Thread Timothy Morizot
On Mon, Mar 24, 2014 at 12:37 PM, William Herrin b...@herrin.us wrote: What sort of traction are you getting from that argument when you speak with enterprise security folks? Actually, I never even had to make the argument in our enterprise. Our cybersecurity organization already knew that

Re: misunderstanding scale

2014-03-23 Thread Timothy Morizot
On Mar 23, 2014 11:27 AM, Paul Ferguson fergdawgs...@mykolab.com wrote: Also, IPv6 introduces some serious security concerns, and until they are properly addressed, they will be a serious barrier to even considering it. And that is pure FUD. The sorts of security risks with IPv6 are mostly in

Re: misunderstanding scale

2014-03-23 Thread Timothy Morizot
On Mar 23, 2014 4:45 PM, bmann...@vacation.karoshi.com wrote: Yo, Tim/Scott. Seems you have not been keeping up. http://go6.si/wp-content/uploads/2011/11/DREN-6-Slo-IPv6Summit-2011.pdf points out several unique problems w/ IPv6 and in deployments where there are

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-23 Thread Timothy Morizot
On Mar 23, 2014 4:45 PM, Paul Ferguson fergdawgs...@mykolab.com wrote: Also, neighbor discovery, for example, can be dangerous (admittedly, so can ARP spoofing in IPv4). And aside from the spoofable ability of ND, robust DHCPv6 is needed for enterprises for sheer operational continuity. Yes.

Re: misunderstanding scale

2014-03-23 Thread Timothy Morizot
On Mar 23, 2014 6:21 PM, Paul Ferguson fergdawgs...@mykolab.com wrote: Says you. And many others. My comments were actually reiterating what I commonly see presented today. On the other hand, there are beaucoup enterprise networks unwilling to consider moving to v6 until there are

Re: misunderstanding scale

2014-03-23 Thread Timothy Morizot
On Mar 23, 2014 7:24 PM, Mike Hale eyeronic.des...@gmail.com wrote: It's derisive because you completely dismiss a huge security issue that, given the state of IPv6 adoption, a great majority of companies are facing. The original assertion was that there are unaddressed security weaknesses in

Re: misunderstanding scale

2014-03-23 Thread Timothy Morizot
On Mar 23, 2014 7:54 PM, Mike Hale eyeronic.des...@gmail.com wrote: unless by few you simply mean a minority Which I do. Then that's fine. But there are numerous enterprises in that minority and it includes some pretty large enterprises. My own enterprise organization has more than 600 sites,

Re: misunderstanding scale

2014-03-23 Thread Timothy Morizot
On Mar 23, 2014 8:44 PM, Mike Hale eyeronic.des...@gmail.com wrote: Your attack surface has already expanded whether or not you deploy IPv6. Not so. If I don't enable IPv6 on my hosts, the attacker can yammer away via IPv6 all day long with no result. I suppose it depends on the size of your

Re: misunderstanding scale

2014-03-23 Thread Timothy Morizot
On Mar 23, 2014 8:44 PM, Michael Thomas m...@mtcc.com wrote: It seems to me that the only thing that really matters in v6 wars for enterprise is whether their content side has a v6 face. Who really cares whether they migrate away from v4 so long as they make their outward facing content (eg

Re: arin representation

2014-03-23 Thread Timothy Morizot
Unless I misremember, everyone who receives a direct allocation from ARIN and signs an RSA is automatically a member. It's not clear to me what owner of a /24 network means in that context. (I don't recall if signing an LRSA in and of itself also makes one a member, since by the time we had signed

Re: turning on comcast v6

2013-12-30 Thread Timothy Morizot
I've been in the process of rolling out IPv6 (again this night) across a very large, highly conservative, and very bureaucratic enterprise. (Roughly 100K employees. More than 600 distinct sites. Yada. Yada.) I've had no issues whatsoever implementing the IPv6 RA+DHCPv6 model alongside the IPv4

Fwd: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Timothy Morizot
On Jun 20, 2013 5:31 PM, Randy Bush ra...@psg.com wrote: and dnssec did not save us. is there anything which could have? Hmmm. DNSSEC wouldn't have prevented an outage. But from everything I've seen reported, had the zones been signed, validating recursive resolvers (comcast, google, much of

Re: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Timothy Morizot
On Jun 20, 2013 7:30 PM, Rubens Kuhl rube...@gmail.com wrote: In this case of registrar compromise, DS record could have been changed alongside NS records, so DNSSEC would only have been an early warning, because uncoordinated DS change disrupts service. As soon as previous timeouts played out,

Re: MTU issues s0.wp.com

2012-11-06 Thread Timothy Morizot
On Nov 6, 2012 6:35 AM, Seth Mos seth@dds.nl wrote: Hi, Since about a week or so it's become impossible to reach wp.com content over IPv6. [snip] It looks like tunneled IPv6 users might be in hurt here. Is anyone else experiencing similar issues? I've definitely had problems from my

Re: IPv6 Ignorance

2012-09-16 Thread Timothy Morizot
On Sep 16, 2012 6:58 PM, John R. Levine jo...@iecc.com wrote: IPv6 has its problems, but running out of addresses is not one of them. For those of us worried about abuse management, the problem is the opposite, even the current tiny sliver of addresses is so huge that techniques from IPv4 to