[ipv6hackers] my IPv6 insecurity slides

Fernando Gont fgont at si6networks.com
Thu Nov 24 19:03:46 CET 2011

On 11/24/2011 11:35 AM, Carlos M. Martinez wrote:
> If we as practitioners communicate the idea that there is something
> called IPv6 which seems to be really, really insecure, then the public
> will still not know what it is, but they sure will reject it. 

I personally think that any "one size fits all" answer is wrong.

We, "practitioners", first need to assess whether IPv6 deployment for a
particular scenario makes or does not make sense (*). And in those
scenarios in which it does make sense, we need to be able to mitigate
any security implications there may be associated with IPv6.
If we're good enough at what we do, then we must be able to mitigate
many/most of the issues involved with IPv6.

It's as bad to take stance of "deploy v6 everywhere" as it is to take
the stance of "disable IPv6 everywhere". We first should assess where it
is needed, and in those networks in which is needed, we must be good
enough to deploy it in a secure manner with whatever we have at hand.

I think the aforementioned ideas apply not only to IPv6, but to any
technology in general (that's "engineering", after all!).

(*) a discussion of the scenarios in which v6 deployment makes or does
not make sense is out-of-scope for this particular e-mail...

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list