[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 (was: Oh yeah, I'm famous)



On Thu, Aug 10, 2000 at 06:09:07PM -0400, Jordan Bettis wrote:
> On Wed, 9 Aug 2000, Danny Sauer wrote:
> 
> > Is IPv6 ever gonna happen on the internet?  Multiple TLD's are neat and
> > all, but they still don't really make any more room for all of my
> > appliances to be directly accessable via the internet.
> 
> Who needs it? I mean, some of the features are cool (protocol level
> encryption anybody?) but ip-masq has made the whole "Oh no! We're running
> out of IP's!" argument moot.

IP masq, NAT, PAT, whatever, are neat, but they're still nasty hacks
around an artificial problem for the most part.  (NAT has interesting
applications that aren't so hackish - IP anonymization among them, for
example.)

For just one example, try setting up a VPN to allow users in one
private network (with, say, a 192.168.1.0/24 network) to access a
resource provided on a separate network over the Internet with
identical numbering (192.168.1.0/24, in our example).  It can be done,
but let me tell you: it's layered kludging of wedding-cake-in-August
proportions.  I am dealing with this right now.

These kinds of problems go away with IPv6, when you can afford to
reserve address blocks for internal machines again.

Also, technically, you can do opportunistic encryption on top of IPv4
right now by the specs (though the code is still catching up).  You
need kernel IPSec support, secure DNS, and public keys stored in DNS
(on both sides).  On Linux, the only thing missing is the ability for
the IPSec layer to look up and use DNS keys transparently.
-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.