Well I really would hope that if there were such an award that the people awarding it would bother to review the actual presentation rather than one journalist's account of it.

In this case the speaker gives a heads-up talk on IPv6 to DEFCON and instead of thanking him you start accusing him of being ill informed without bothering to read his presentation. So who is really the uninformed party here?

I did bother to read the slides and they are on a par with more than a few IETF technical plenary talks I have sat through.

I would also hope that the security of IPv6 is given rather more serious review than 'someone is looking at it'. I find that less than inspiring to be honest.

The consensus IETF view of security is not necessarily my view of security. In particular, I do not care very much about the theoretical equivalence of the protocols. Proof by analogy is a very dangerous form of security argument. It has led to many security catastrophes. So I would not accept the argument that IPv4=IPv6.

A real security specialist knows that even if IPv6 changes nothing in principle, its use will exercise new code paths that have seen far less use than their IPv4 equivalents. That in turn creates new opportunities for the cracker. The security of a system is the security of the system as implemented, and not according to the theory.

The issue of exposing MAC addresses is a very important security concern. It was not a security issue in OSI or DECnet Phase V because they were dead as a parrot before the security issues could become significant. It is something I would hope that a speaker would raise in a security talk. He does and he tells people to make sure they have the privacy shield on so they are not exposing their MAC address - good advice.

The issue about firewalls is that a lot of appliances cannot cope with IPv6 so they just bypass all IPv6 packets. This creates a real security hole in many systems that can be exploited as a means of firewall bypass.

I would imagine that the practical part of the talk involved attacking actual firewalls that were not quite as IPv6 ready as the manufacturers claimed.

Back in the day more than a few firewalls have shipped that fail open circuit when overloaded. So all that was necessary to bypass the firewall was a flooding attack. And the same is now true of many 'application firewall' products.

On Thu, Aug 26, 2010 at 6:36 PM, Dave Cridland <dave@xxxxxxxxxxxx> wrote:
> On Thu Aug 26 22:37:42 2010, Arnt Gulbrandsen wrote:
>>
>> It's true that someone said all that. It's probably true that the firewall
>> your boss bought in 2006 doesn't support IPv6. It's probably even true that
>> some people consider this a problem of IPv6 rather than of the firewall.
>>
>> The rest is all bullshit.
>>
>> Conferences with presentations should have a "most bullshit per minute"
>> prize, with some sort of plaque.
>
> Could we award it in the plenary, like the Postel Award?
>
> Only problem is who to name it after.
>
> Without being sued for defamation, I mean - there's no shortage of
> candidates.
>
> Dave.
> --
> Dave Cridland - mailto:dave@xxxxxxxxxxxx - xmpp:dwd@xxxxxxxxxxxxxxxxx
>  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
>  - http://dave.cridland.net/
> Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf
>

--
Website: http://hallambaker.com/
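
The MAC address exposure raised in the message above can be checked from an address inventory. The following is an added example, not part of the original message: it assumes the exposure comes from SLAAC interface identifiers in modified EUI-64 form (RFC 4291, Appendix A), and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None.

    A modified EUI-64 interface ID is the 48-bit MAC with ff:fe inserted
    in the middle and the universal/local bit (0x02 of the first octet)
    inverted. A random privacy address can match the ff:fe marker by
    chance (about 1 in 65536), so treat a hit as a strong indicator.
    """
    # Drop an optional zone index ("%eth0") and prefix length ("/64").
    host = addr.split("%")[0].split("/")[0]
    iid = ipaddress.IPv6Address(host).packed[8:]  # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Map each address that reveals a hardware address to that MAC."""
    findings = {}
    for addr in addresses:
        mac = eui64_mac(addr)
        if mac is not None:
            findings[addr] = mac
    return findings

# Constructed sample inventory (documentation prefix 2001:db8::/32).
SAMPLE = [
    "2001:db8:1:2:21b:21ff:fe3c:4d5e/64",   # EUI-64 derived, global
    "fe80::21b:21ff:fe3c:4d5e%eth0",        # EUI-64 derived, link-local
    "2001:db8:1:2:5c9a:7e31:b04d:22c6/64",  # randomized interface ID
]

if __name__ == "__main__":
    for addr, mac in audit(SAMPLE).items():
        print(f"{addr} exposes MAC {mac}")
```

Hosts reported by `audit` are the ones still using hardware-derived interface identifiers; hosts with privacy addressing enabled produce no finding for their temporary addresses.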