nanog mailing list archives

Re: NIST IPv6 document


From: Paul Ferguson <fergdawgster () gmail com>
Date: Wed, 5 Jan 2011 22:47:02 -0800


On Wed, Jan 5, 2011 at 10:36 PM, Dobbins, Roland <rdobbins () arbor net> wrote:

> On Jan 6, 2011, at 1:26 PM, Joe Greco wrote:
>
>> A bunch of very smart people have worked on IPv6 for a very long time,
>> and justification for /64's was hashed out at extended length over the
>> period of years.
>
> Very smart people can and do come up with bad ideas, and IPv6 is a
> textbook example of this phenomenon, heh.  I certainly bear my share of
> the responsibility for this state of affairs by not getting involved, and
> leaving the heavy lifting to others.


As someone who has been immersed in security for many years now, and having
previously been very intimately involved in the network ops community for
equally many years, I have to agree with Roland here. Just because a lot of
smart people have worked on IPv6 for many years does not mean that the
security issues have been equally well thought out.

I see this as very similar to all IP technology evolution issues -- none of
which ever really focused on the dedicated attacker/criminal using the same
technology to attack/defraud/hijack/etc.

This is not meant as a slight to anyone -- just a realization of looking at
security from a real-world perspective. It seems to always have to get
"bolted on" as an afterthought, instead of baked-in from the beginning.

$.02,

- ferg




-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

