RE: [Full-disclosure] IPv6 security myths

Roger Jørgensen wrote:
> Sent: Tuesday, October 26, 2010 1:53 PM
> To: Fred Baker; IETF Discussion
> Subject: Re: [Full-disclosure] IPv6 security myths
> 
> On Tue, Oct 26, 2010 at 10:39 PM, Fred Baker <fred@xxxxxxxxx> wrote:
> <snip>
> > In the scope of things, why does having one out of the many needed tools make
> > IPv6 different than IPv4, especially given that the indicated tool is present in both
> > IPv4 and IPv6 implementations?
> >
> > Scratch-a-my-head. I don't see it.
> 
> I have a feeling the idea that IPv6 adds something to security might be linked back
> to the IPsec focus real early on in the IPv6 era, like years and years ago.
> Why it happened or how, I don't really know.

How it happened?  --- Ever heard of NAT? At the time IPsec through NAT did
not widely exist, and even implementations that figured out UDP had the
problem that the cert often included a 1918 address which didn't match the
packet header source address. It is easy to forget context when bashing
something after the fact...

As Fred said there are many things that go into defining 'security'. Often
people that are too focused on their little corner of the world put a box
around the term 'security' to fit within their local context. People that
want to do something outside that box are by definition 'breaking security'.


Consider that there are many impossible-to-resolve situations like:
End user considers 'security' to mean "nobody except the recipient can see
this"
Network admin tasked with Intellectual Property protection considers
'security' to mean "I have to see everything to verify its content doesn't
violate security policy"

You can't have both of those cases at the same time, yet both definitions of
'security' are valid. When people force-fit their local context on someone
else's attempt to use the ambiguous term, misunderstanding and group-think
bashing closely follow.

Tony



