nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IPv6 end user addressing

From: Jeff Johnstone <jj () diamondtech ca>
Date: Thu, 11 Aug 2011 11:22:23 -0700
On Thu, Aug 11, 2011 at 10:52 AM, Greg Ihnen <os10rules () gmail com> wrote:



On Aug 11, 2011, at 1:04 PM, Owen DeLong wrote:



On Aug 11, 2011, at 5:41 AM, Jamie Bowden wrote:


Owen wrote:


-----Original Message-----
From: Owen DeLong [mailto:owen () delong com]
Sent: Wednesday, August 10, 2011 9:58 PM
To: William Herrin
Cc: nanog () nanog org
Subject: Re: IPv6 end user addressing


On Aug 10, 2011, at 6:46 PM, William Herrin wrote:


On Wed, Aug 10, 2011 at 9:32 PM, Owen DeLong <owen () delong com>

wrote:

Someday, I expect the pantry to have a barcode reader on it

connected back

a computer setup for the kitchen someday.  Most of us already use

barcode

readers when we shop so its not a big step to home use.


Nah... That's short-term thinking. The future holds advanced

pantries with

RFID sensors that know what is in the pantry and when they were

manufactured,

what their expiration date is, etc.


And since your can of creamed corn is globally addressable, the rest
of the world knows what's in your pantry too. ;)



This definitely helps explain your misconceptions about NAT as a
security tool.


Globally addressable != globally reachable.

Things can have global addresses without having global reachability.
There are
these tools called access control lists and routing policies. Perhaps
you've heard
of them. They can be quite useful.


And your average home user, whose WiFi network is an open network named
"linksys" is going to do that how?



Because the routers that come on pantries and refrigerators will probably

be

made by people smarter than the folks at Linksys?

Owen




I respectfully disagree. If appliance manufacturers jump on the bandwagon
to make their device *Internet Ready!* we'll see appliance makers who have
way less networking experience than Linksys/Cisco getting into the fray. I
highly doubt the pontifications of these Good Morning America technology
gurus who predict all these changes are coming to the home. Do we really
think appliance manufacturers are going to agree on standards for keeping
track of how much milk is in the fridge, especially as not just
manufacturing but also engineering is moving to countries like China? How
about the predictions that have been around for years about appliances which
will alert the manufacturer about impending failure so they can call you and
you can schedule the repair before there's a breakdown? Remember that one?
We don't even have an "appliance about to break, call repairman" idiot light
on appliances yet.

But I predict the coming of IPv6 to the home in a big way will have
unintended consequences.

I think the big shock for home users regarding IPv6 will be suddenly having
their IPv4 NAT firewall being gone and all their devices being exposed naked
to everyone on the internet. Suddenly all their security shortcomings (no
passwords, "password" for the password etc) are going to have catastrophic
consequences. I foresee an exponential leap in the  number of hacks of
consumer devices which will have repercussions well beyond their local
network. In my opinion that's going to be the biggest problem with IPv6, not
all the concerns about the inner workings of the protocols. I'm guessing the
manufacturers of consumer grade networkable devices are still thinking about
security as it applies to LANs with rfc 1918 address space behind a firewall
and haven't rethought security as it applies to IPv6.

Greg



+1

I think this is currently the biggest hole in IPV6 adoption. We need a drop
in firewall appliance along the lines of IPCOP for IPV6. This type of closed
unless tinkered with protection would encourage people to try it out and not
be too scared to move forward. This is a huge opportunity for some
Company/Open Source Developers Group to grab a huge chucnk of an emerging
market...   hint hint :)

cheers
Jeff
Previous By Date Next
Previous By Thread Next

Current thread: