On Mar 4, 2007, at 11:11 AM, Brian E Carpenter wrote:
But irrelevant - the problems that NAT causes, and that having sufficient address space (a.k.a. IPv6) solves, are orthogonal to security. That is the whole point in this thread.
Of course stateful firewalls and NATs offer protection, whether for IPv4 or IPv6. Most notable concerns are in regard to routing both IPv6 & IPv4. Accommodating IPv6 likely require a sizable investment, with the effect of diminishing the value of an IP address. Will this mean network behavior might then run amok?
Reducing the value of the IP address will impact security, as many protocols depend upon IP address ACLs and black-hole lists. Being unable to readily track IPv6 address space will likely introduce an era where public acceptance of messaging adopts CA certificates over the use of IP addresses. This practical necessity improves security, but also at a cost.
-Doug _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf