> > >>> Except there really is no vendor lock anymore. It is > >>> possible to automate the entire renumbering process. If > >>> there are spots where it is not automated then they should > >>> be found and fixed. > >>> > >> Oh man, that's rich. Do you actually believe that? > >> > > > > If you design the network for IPv6 and not just copy the > > IPv4 model. If you use the technology that has been developed > > over the last 20 years, rather than disabling it, yes it is > > possible. > > > That helps, but understanding of IPv6 and mindshare is even harder than > forklift upgrades. I'll agree that it is hard. That's why the clue x 4 keeps having to be applied. > And you have to educate everyone who might need to configure an application, > not just network admins. The network admins are a early step. > And if you start > looking for technology that would let you automate renumbering your > entire network, you might find that the technology that exists is > incomplete and unproven. Which is why I keep saying. Run through the renumbering exercise. Find the problems. Report them to your vendors. Vendors being proactive would be a big help here. > I have yet to see a reliable, standard way to > transmit address-based access-control information to applications, for > instance. (don't tell them to use DNS, because besides being too > unreliable to use for this, I am not aware of a DNS record that can > transmit a list of IP address prefix/netmask pairs to applications, It exists. > or of a standard API that would allow applications to find such > information. They also exist. > oh yes, and practical use of DNS security still seems to > elude us. It will as long as people don't actually sign there zones. Have you asked for cs.utk.edu to be signed? % dig dnskey cs.utk.edu ; <<>> DiG 9.3.4-P1 <<>> dnskey cs.utk.edu ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46982 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;cs.utk.edu. IN DNSKEY ;; AUTHORITY SECTION: cs.utk.edu. 900 IN SOA dns01.cs.utk.edu. miturria.cs.utk.edu. 2007090900 10800 1800 604800 900 ;; Query time: 387 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Sep 14 00:46:21 2007 ;; MSG SIZE rcvd: 79 % > and yeah, we shouldn't be using IP addresses for access > control - but the general purpose technology to replace that doesn't > seem to exist yet, so for the time being people are making do with what > they have.) > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@xxxxxxx _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf