[ipv6hackers] my IPv6 insecurity slides

[Markus Reschke]

On Thu, 24 Nov 2011, Fernando Gont wrote:

Hi Fernando!

> We, "practitioners", first need to assess whether IPv6 deployment for a
> particular scenario makes or does not make sense (*). And in those
> scenarios in which it does make sense, we need to be able to mitigate
> any security implications there may be associated with IPv6.

That situation will not last very long! We'll see more and more IPv6-only 
networks, since all IPv4 addresses will be assigned soon. Users will 
complain that they can't reach the webshop or B2B site of a new company. 
So nearly any network is forced to support IPv6 sooner or later.

> If we're good enough at what we do, then we must be able to mitigate
> many/most of the issues involved with IPv6.

Yep!

> It's as bad to take stance of "deploy v6 everywhere" as it is to take
> the stance of "disable IPv6 everywhere". We first should assess where it
> is needed, and in those networks in which is needed, we must be good
> enough to deploy it in a secure manner with whatever we have at hand.

As I wrote above: connectivity is more important than security (for 
users)! IPv6 won't be an option, it's becoming a requirement. It's not our 
decision because the market is heading to IPv6. We may advise how to 
improve security but nothing more.

So any discussions about deploying IPv6 or not are futile IMHO.

cu
  Markus
-- 
/ Markus Reschke \ / madires at theca-tabellaria.de \ / FidoNet 2:244/1661 \
\                / \                             / \                    /