NIST IPv6 document

[fergdawgster at gmail.com (Paul Ferguson)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jan 5, 2011 at 10:36 PM, Dobbins, Roland <rdobbins at arbor.net>
wrote:

>
> On Jan 6, 2011, at 1:26 PM, Joe Greco wrote:
>
>> A bunch of very smart people have worked on IPv6 for a very long time,
>> and justification for /64's was hashed out at extended length over the
>> period of years.
>
> Very smart people can and do come up with bad ideas, and IPv6 is a
> textbook example of this phenomenon, heh.  I certainly bear my share of
> the responsibility for this state of affairs by not getting involved, and
> leaving the heavy lifting to others.
>

As someone who has been immersed in security for many years now, and having
previously been very intimately involved in the network ops community for
equally many years, I have to agree with Roland here. Just because a lot of
smart people have worked on IPv6 for many years does not mean that the
security issues have been equally well thought out.

I see this as very similar to all IP technology evolution issues -- none of
which ever really focused on the dedicated attacker/criminal using the same
technology to attack/defraud/hijack/etc.

This is not meant as a slight to anyone -- just a realization of looking at
security from a real-world perspective. It seems to always have to get
"bolted on" as an afterthought, instead of baked-in from the beginning.

$.02,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFNJWVcq1pz9mNUZTMRAtimAJ4xWmqbP4Or5KFnonDW8XtOMMvMjgCcCswk
9JDJXNyDgUV4RnZlfDcBges=
=KKZ+
-----END PGP SIGNATURE-----



-- 
"Fergie", a.k.a. Paul Ferguson
?Engineering Architecture for the Internet
?fergdawgster(at)gmail.com
?ferg's tech blog: http://fergdawg.blogspot.com/