Roger Jørgensen wrote:
> Sent: Tuesday, October 26, 2010 1:53 PM
> To: Fred Baker; IETF Discussion
> Subject: Re: [Full-disclosure] IPv6 security myths
>
> On Tue, Oct 26, 2010 at 10:39 PM, Fred Baker <fred@xxxxxxxxx> wrote:
> <snip>
> > In the scope of things, why does having one out of the many needed tools make
> > IPv6 different than IPv4, especially given that the indicated tool is present in both
> > IPv4 and IPv6 implementations?
> >
> > Scratch-a-my-head. I don't see it.
>
> I have a feeling the idea that IPv6 adds something to security might be linked back
> to the IPsec focus real early on in the IPv6 era, like years and years ago.
> Why it happened or how, I don't really know.

How it happened? --- Ever heard of NAT? At the time IPsec through NAT did not widely exist, and even implementations that figured out UDP had the problem that the cert often included a 1918 address which didn't match the packet header source address.

It is easy to forget context when bashing something after the fact...

As Fred said, there are many things that go into defining 'security'. Often people that are too focused on their little corner of the world put a box around the term 'security' to fit within their local context. People that want to do something outside that box are by definition 'breaking security'.

Consider that there are many impossible-to-resolve situations like:

  End user considers 'security' to mean "nobody except the recipient can see this"

  Network admin tasked with Intellectual Property protection considers 'security' to mean "I have to see everything to verify its content doesn't violate security policy"

You can't have both of those cases at the same time, yet both definitions of 'security' are valid.

When people force-fit their local context on someone else's attempt to use the ambiguous term, misunderstanding and group-think bashing closely follow.

Tony