[ipv6hackers] my IPv6 insecurity slides

Owen DeLong owend at he.net
Fri Dec 16 20:27:55 CET 2011

On Dec 16, 2011, at 3:38 AM, Marco Ermini wrote:

> On 24 November 2011 20:45, Markus Reschke wrote:
> [...]
>> That situation will not last very long! We'll see more and more IPv6-only
>> networks, since all IPv4 addresses will be assigned soon. Users will
>> complain that they can't reach the webshop or B2B site of a new company. So
>> nearly any network is forced to support IPv6 sooner or later.
> As long as vendors continue to make huge money with Carrier Grade's
> 6-4 NAT, no, I don't necessarily agree.

Then you obviously haven't tried using any of those systems from a user

> [...]
>> As I wrote above: connectivity is more important than security (for users)!
>> IPv6 won't be an option, it's becoming a requirement. It's not our decision
>> because the market is heading to IPv6. We may advise how to improve security
>> but nothing more.
> Users do not care how they are connected. If an ISP is able to make
> them reach IPv6-only sites (are there any relevant out there up to
> now? I don't believe so) without changing their home router (which is
> a major cost for the ISP), they won't have any big interest in that.

Not yet, but, when there are, it's already too late. Your users will be upset and it
will take you several months to catch up.

>> So any discussions about deploying IPv6 or not are futile IMHO.
> Indeed they are not, but should be put in the right prospective.

IPv6 is a question of when, not if. ISPs that believe otherwise will very likely succumb
to natural selection within 5 years.

ISPs that believe that when can be put off significantly by using various forms of NAT
will also likely suffer unless they are able to leverage a monopoly position to preserve
userbase in spite of poor service.


More information about the Ipv6hackers mailing list