Firewall Wizards mailing list archives
Re: Off topic: Any one know of a good IPV6 reference book?
From: Paul Robertson <proberts () patriot net>
Date: Wed, 30 Jul 2003 20:10:35 -0400 (EDT)
On Tue, 29 Jul 2003, Jonn Martell wrote:
> Doesn't V6 allow for end-to-end encryption and authentication?
SSL allows for end-to-end encryption and authentication. That just doesn't happen to *solve* many of our problems.
> That would solve a lot of issues for secure networks. And with the cap off addresses, it should make things very interesting. It will change the Internet so that unauthenticated traffic will get a different class of service.
If your routers have to authenticate traffic to figure out the QoS for the traffic, you're going to have to do some significant infrastructure changes that don't just involve renumbering. If you're going to defeat replay attacks, connection setup is going to suck.
> NAT was a hack and although it works fine for small environments it falls apart for large user networks. The lack of auditing is a pure nightmare for tracking down abuse from the inside in a large network.
You get as much auditing as you put in, no matter if the address space is routed externally or not - NAT neither adds nor subtracts from that equation. Most switches solve that problem these days with 802.1x. 802.1x is your friend. Embrace 802.1x.
> I applaud the DOD efforts, they created the Internet and I have no doubt that mandating V6 will tip the scales for adoption. They did this in early 80 with IP, they'll do it again.
DoD really doesn't have a good reason for interoperating with the commercial Internet in peer to peer mode, in fact I'd bet that many folks inside DoD wish they didn't ;) Anyway, Al Gore created the Internet ;)
Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards