Hi,
NAT is a fact today, has been for years, and people have been using
Bittorrent and Skype regardless.
And sometimes they (and other applications) don't work, because of
things like layered NAT.
Fix NAT issues instead of ditch it altogether.
For home users and SMBs, NAT is something that was taken care of.
IPv6 is a whole new bunch of risks. I am not against IPv6 per se. I
am against wide use of IPv6 right now. Let it mature.
How will it "mature" if nobody tries it? Fedora is a leading-edge
operating system, and full IPv6 support is part of that.
Fedora servers many different kinds of users, some of then are not
network people and would be hurt by current IPv6 problems. The network
people can enable IPv6, other should't have to disable it. That's the
same principle as don't let TCP ports open by default on iptables.
As IPv4 runs out, some ISPs are turning to "Carrier Grade NAT", which
adds layers of NAT that break things like P2P applications and IPSec.
I'll happily trade IPSec for OpenVPN. ;-)
That's nice, but in the real world, users have to connect to VPNs
configured by others (and many businesses need hardware VPN
concentrators, which OpenVPN won't work with).
In the real world, ISPs should fix their Carrier Grande NAT. There are
lots of ways wrong network configs can 0impact apps.
To just use the network they need only IPv4.
That is not true in some places (and the number of such places is
increasing all the time).
Defaults should focus most users, not the exceptions. When most users
need IPv6, it's ok to have it enabled by default.
Plese note I ain't proposing removing IPv6 support from the Fedora Linux
Kernel. I'm just proposing the default network configurations should
have IPv6 disabled, and those who want to use it should have to take
action (just click a checkbox) to enable.
They don't need the
security risks that current IPv6 implementation and default
configurations adds. Today, IPv6 is far from "just works". You are
advocating using all end users as guiena pigs for IPv6 evolution. I
advocate evolving IPv6 before exposing end users to ti.
You are several years behind the curve on IPv6.
You keep talking about IPv6 security risks (over IPv4), but haven't
cited any.
Please see my other message about them, won't repeat the links here. You
could just google "IPv6 security risks" to see articles from the current
year about then. And follow IETF RFCs to see how many proposals about
them are in Draft and not implement by most products yet. PLease don't
assume people who disagree with you no clue what they are talking about.
IPv6 does "just work" in many places; there are a lot of people that are
using IPv6 and don't even know it
And those are exposed to the security risks. We haven't see a
high-profile (media coverage) IPv6 attach yet just because so few peple
actually use it that it's not very attractive to hackers. But as ISPs
move on implements proper IPv6 support (without tunnels internally)
those ISP users are becoming so vulnerable.
Whether you like it or not, IPv6 is here today and is here to stay.
There is no practical alternative. Will there be bugs? Yes, of course;
people are still finding IPv4 bugs as well.
Will tell again: I'm bot against IPv6 per se. I agree it has to be
deployed. But I can't agree using end users and SMBs as guinea pigs,
waiting to see how hackers use it to create new attacks. Let the big
companies work this before giving IPv6 enabled by default in Fedora,
Windows, Mac and other OSes.
[]s, Fernando Lozano
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
