[ipv6hackers] Design and Configuration of IPv6 Segments with High Security Requirements

Tim Chown tjc at ecs.soton.ac.uk
Fri Dec 13 15:29:59 CET 2013


On 13 Dec 2013, at 12:54, Enno Rey <erey at ernw.de> wrote:

> Folks,
> I gave a talk with said title yesterday at ACSAC in New Orleans. The slides can be found at http://www.insinuator.net/2013/12/design-configuration-of-ipv6-segments-with-high-security-requirements/.
> This might be of interest for some of you. Given there's some controversial theses in it, I'm happy to ignite any discussion on those here... ;-)

Always interesting to read different views.

On the longer-than-/64 thing, a group of us are about to publish a -00 draft on this topic, so you might want to read/contribute.  The draft highlights there's a lot more places that /64 matters than many people might think.

I doubt much of what you suggest would be implemented in a typical university environment like ours here at least. It would add quite a bit of complexity (as you say, running things in a non-standard way) for very little gain.  The two things most university admins seem to baulk at when they get a basic IPv6 training is privacy addresses and DHCP differences (DUID).


More information about the Ipv6hackers mailing list