[ipv6hackers] Design and Configuration of IPv6 Segments with High Security Requirements
Tim Chown
tjc at ecs.soton.ac.uk
Fri Dec 13 15:29:59 CET 2013
Hi,
On 13 Dec 2013, at 12:54, Enno Rey <erey at ernw.de> wrote:
> Folks,
>
> I gave a talk with said title yesterday at ACSAC in New Orleans. The slides can be found at http://www.insinuator.net/2013/12/design-configuration-of-ipv6-segments-with-high-security-requirements/.
> This might be of interest for some of you. Given there's some controversial theses in it, I'm happy to ignite any discussion on those here... ;-)
Always interesting to read different views.
On the longer-than-/64 thing, a group of us are about to publish a -00 draft on this topic, so you might want to read/contribute. The draft highlights there's a lot more places that /64 matters than many people might think.
I doubt much of what you suggest would be implemented in a typical university environment like ours here at least. It would add quite a bit of complexity (as you say, running things in a non-standard way) for very little gain. The two things most university admins seem to baulk at when they get a basic IPv6 training is privacy addresses and DHCP differences (DUID).
Tim
More information about the Ipv6hackers
mailing list