Wednesday, January 12, 2011

firewall-wizards Digest, Vol 55, Issue 6

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: IPv6 (Brad Van Orden)
2. Re: IPv6 (Dave Piscitello)
3. Re: IPv6 (Dave Piscitello)
4. Re: IPv6 (Kerry Milestone)


----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Jan 2011 14:19:26 -0500
From: Brad Van Orden <brad@van-orden.org>
Subject: Re: [fw-wiz] IPv6
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <4D2CAD3E.1090801@van-orden.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Unfortunately the powers that be in the DoD have heard the words that IPv6 is more secure and have
declared that all networks in the DoD will switch to it. It's slow going, but I think eventually we
won't be able to resist. :(

Brad Van Orden

On 1/11/2011 1:37 AM, Marcus J. Ranum wrote:
> Dave Piscitello wrote:
>> I suppose if you force vendors in 2011 by regulatory caveat you can
>> force businesses in 2012. Sad...
>
> Dave, you've got to *seriously* ask yourself "what good is this
> standard?" if you've got to think of ways to *FORCE* people to
> adopt it. I mean, really. Doesn't that say everything that
> needs to be said?
>
> mjr.

------------------------------

Message: 2
Date: Tue, 11 Jan 2011 10:08:46 -0500
From: Dave Piscitello <dave@corecom.com>
Subject: Re: [fw-wiz] IPv6
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <4D2C727E.6010009@corecom.com>
Content-Type: text/plain; charset="iso-8859-1"

That my tongue was stuffed in my cheek as I wrote this was apparently
not conveyed in the mail.


On 1/11/2011 1:37 AM, Marcus J. Ranum wrote:
> Dave Piscitello wrote:
>> I suppose if you force vendors in 2011 by regulatory caveat you can
>> force businesses in 2012. Sad...
>
> Dave, you've got to *seriously* ask yourself "what good is this
> standard?" if you've got to think of ways to *FORCE* people to
> adopt it. I mean, really. Doesn't that say everything that
> needs to be said?
>
> mjr.

------------------------------

Message: 3
Date: Tue, 11 Jan 2011 10:18:45 -0500
From: Dave Piscitello <dave@corecom.com>
Subject: Re: [fw-wiz] IPv6
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <4D2C74D5.7030206@corecom.com>
Content-Type: text/plain; charset="iso-8859-1"

On 1/7/2011 6:31 PM, Marcus J. Ranum wrote:
> Dave Piscitello wrote:
>> I am also not convinced that some 11th hour 59th minute "change of
>> heart" won't occur, and someone will convince the community of an
>> alternative course.
>
> Back a long time ago, in the shrouded mists of yesteryear,
> some of us asked "why not just double the address size, left-fill
> with zeroes, bump the version number, and rock on?"
>
> The answer, at that time...

That may be the answer you were offered, but the chronology of events
leading to the "selection" of IPv6 is a much darker and IMO uglier
affair. Ask John Curran (ARIN) for an eye-witness account. He's one of
the few whose eyes were not clouded or gouged out. I'll simply say that
IPNG is to IETF what the child in the streets who cried "but he has
nothing on!" was to the Emperor in Hans Christian Andersen's "The
Emperor's New Clothes".


------------------------------

Message: 4
Date: Tue, 11 Jan 2011 12:41:13 +0000
From: Kerry Milestone <km4@sanger.ac.uk>
Subject: Re: [fw-wiz] IPv6
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4D2C4FE9.1060109@sanger.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1

I can't help but think that it'll be the consumerist products which eventually drive demand for it. Having an IPv6
address on RFID tags or hard coded in consumer items such as microwaves for warranty repairs etc, prescription drug
packaging etc - being able to trace the entire life of a product. Things like 'smart' fridges will be useful and every
device connected to the Home Area Network (The HAN - why not? ;) and tunnelled back to the mothership to state the
refrigerant pressure is down.

Until there is a real financial gain and ROI to be made it's really just an academic exercise. Change needs to be
driven from the top down with a real incentive for a paradigm shift, and FUD about 'the internet running out' doesn't
really help the cause as IPv6 is not just about 'more addresses'. Traditional internet devices alone I don't think are
enough to demand IPv6 as indeed NAT does allow thousands of devices behind it, and many devices (such as many consumer
DSL subscribers) do not need direct routes. I do fear a bit however that there will be a 'Premium' internet where
institutions like Facebook have their traffic on a much higher priority route to clients (you have a subscription to the
'network') so people will simply stop using 'out-site' systems and their users' internet will be contained within the
ecosystem - just see the number of companies with the 'join us on Facebook' running competitions etc TV ads.


At the moment, the only real working incentive/need seems to be to directly peer with China internet or of course HPC
and connecting to various computing grids.


As for vendors, it seems at the moment that the way to really work well and be flexible with IPv6 is to build your
own devices and run free software with high end commodity cards. I'm not willing to state my experiences with various
vendor equipment trials on this list, alas experience has shown that being IPv6 'enabled' on the glossy pamphlets
doesn't sometimes mean 'working'.

(sorry to quote Wikipedia directly - I know, I know... bit lazy)

The origins of CNGI date to 2001 when 57 members of the Chinese Academy of Science and Chinese Academy of Engineering
wrote a letter to the State Council recommending construction of the next generation academic Internet. In 2002 the
National Development and Reform Commission (NDRC) organized a study of the topic, and in 2003 the study group submitted
a strategic report. After authorization, the CNGI was then launched under the auspices of eight ministries: NDRC as the
lead, Ministry of Education, Ministry of Information Industry, the State Council Information Office, Chinese Academy of
Science, Chinese Academy of Engineering, and the National Natural Science Foundation.

As of October 2009, the CNGI effort comprises six nationwide backbone networks and 39 GigaPOPs, which extends the next
generation footprint to over 20 major cities and over 300 academic, industrial, and government research campuses within
China. Five backbones are commercial (operated by China Telecom, China Unicom, China Netcom/CSTNET, China Mobile, and
China Railcom), with an additional academic research network operated by CERNET, which is known as CNGI-CERNET2. CNGI
also encompasses two exchange points (IX) in Beijing (named CNGI-6IX) and Shanghai for interconnecting these backbones
and for international links to APAN, GEANT, and Internet2.

On 07/01/11 00:00, Paul Melson wrote:
> On Thursday, January 6, 2011, Dave Piscitello <dave@corecom.
>>
>> If ever the phrase "living on borrowed time" applied to the Internet, it
>> might be now. Many organizations are approaching a time when they may
>> have to accept a weaker security deployment in order to add systems
>> because they won't be able to obtain IPv4 addresses.


------------------------------


End of firewall-wizards Digest, Vol 55, Issue 6
***********************************************