[ipv6hackers] my IPv6 insecurity slides

Fernando Gont fgont at si6networks.com
Thu Nov 24 20:27:32 CET 2011 

Hi, Carlos,

On 11/24/2011 12:54 PM, Carlos M. Martinez wrote:
> I definitely agree with you on the part that one-size-fits-all are bad,
> and that both stances on IPv6 deployment are probably wrong. However,
> thanks to your insight I now realize that one of my points there is that
> even where both stances are wrong, they are not equally distributed in
> the sense that today you can deploy IPv6 securely in probably 80 - 90 %
> of common scenarios.

The extent to which IPv6 can be deployed securely depends mostly on:
* The expertise of the team deploying IPv6
* The manufacturers/vendors involved

So yes, in most cases you can deploy IPv6 securely (although for obvious
reasons, IPv6 still is one additional piece in the puzzle, and hence
increases the attack surface.... as any technology would)



> On the needs analysis you mention, I tend to agree with you. However
> there is a catch-22 situation here: if you ask people today if they
> "need IPv6", the answer will be NO 99.9% of the time. By the time they
> are all jailed behind layers and layers of CGN's and they realize that
> the IPv6 thing maybe wasn't that bad after all.

When considering the question "do you need IPv6?", one should consider
whether the "alternative" to IPv6 deployment is that in the short/near
term they'd be deploying CGN. And if *that* is the case, then they do
*need* IPv6.


> The time of "needing" IPv6 is now even if most people do not realize it.
> 
> I am basically scared, and not of some IPv6 attacks. I am scared of what
> huge economic interests (yes, telcos and larger-than-life ISPs, I'm
> looking at you) can make of the Internet if they take this window of
> opportunity they have today.

Well, you do not need to wonder much: those economic interests are what
we got to a situation in which many networks that do need IPv6
deployment (and should have deployed IPv6 a long time ago) are now
heading towards CGN.

Any equation that has "money" among its parameters can have disgusting
results.

But that's in the core of human nature... just consider the effect of
such greed on most of the world's social problems...


> Olaf Kolkman made a far better presentation of this situation than I can
> possibly hope to make myself, you can take a look at his slides here:
> http://www.nlnetlabs.nl/~olaf/LACNIC_XVI_Meat_and_Greed.pdf

Will take a look.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list