[ipv6hackers] Looking for feedback on subjective top list of IPv6 security issues

Cameron Byrne cb.list6 at gmail.com
Fri Mar 8 21:22:35 CET 2013


On Mar 8, 2013 9:35 AM, "Fernando Gont" <fgont at si6networks.com> wrote:
>
> On 03/08/2013 01:20 PM, Cameron Byrne wrote:
> >
> >> May be. But with v6 we still have to go for about 10 years to get where
> >> IPv4 implementations are. -- not that I like it, though.
> >>
> >
> > So, my point is not really in the specifics.  In the last 2 years I know
> > for sure Microsoft, Cisco, and Juniper all had critical bugs where a
> > special Ipv4 packet would cause a catastrophic failure, right?
> >
> > I don't think the lessons of Ipv4 are really lessons.
>
> We can agree on that one -- for instance, I used to include exactly this
> phrase in my slideware.
>
>
> > People reinvent
> > the wheel and fail in both new and the same ways all the time.
> >
> > I just don't think it means anything to say that Ipv4 is baked and Ipv6
> > is not.
>
> The issue is that the v4 code has been around for longer. So more bugs
> have been fixed than in the v4 case. And since the number of bugs/lines
> of code is kind of "constant", more bugs remain to be fixed in v6.
> That's it.
>

One could also postulate that the v6 code was developed in a more mature
environment with better practices and lessons learned from the v4 battle
scars. V4 has a ton of legacy baggage and the folks that made the v4 code
were learning and coding on the fly.  The v6 code is better because it is a
clean slate and designed with more experience at hand.

I hope you see this as fruitless hand waving on both sides :)

CB

> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>



More information about the Ipv6hackers mailing list