ietf-smtp

Re: SMTP Kerberos Considerations

2011-11-05 19:52:13
At 03:42 -0400 on 11/05/2011, Hector Santos wrote about Re: SMTP Kerberos Considerations:

Robert A. Rosenberg wrote:

At 17:54 -0400 on 11/02/2011, Hector Santos wrote about SMTP Kerberos Considerations:

I don't know enough about how IPv6 addresses are assigned today.

The idea is that the user gets an IPv6/64 Network address from their Connection Provider like they currently get an IPv4/32.

So you can get one or a bank of addresses? Depending on the business package? Note, we have a class C address.

If you are a home user you would get a single IPv6/64 Network address. That address will allow you to set up your own LAN. There is no need for your connectivity provider to supply you more than one address prefix since all of your devices are hosts under that prefix. If you currently have an IPv4/24 (Class C Network address) all of your 252 devices would still each get their own routable address from your router. A company as opposed to a single user might get an IPv6/56 or IPv6/48 (see http://en.wikipedia.org/wiki/IPv6_subnetting_reference).

The low 64 bits are the Host Address. Normally this includes the device's MAC Address although it can be a random number to prevent tracking the device via the address. The user can use the high part of the low 64 bits to make up their own LAN (like the current NAT mapping does for the single supplied IPv4 address).

I think that is the "AH HA" I was missing.

As I said when the device connects it uses its MAC Address as part of its address so each address is unique.
See http://en.wikipedia.org/wiki/IPv6_subnetting#IPv6_subnetting.


So you can get one ISP provided IPv6 address and use it for internal addresses without needing a NAT?

Yes. Since each device would fill in the low 64 bits with its unique MAC Address you get the equivalent of NAT. Your connectivity provider hands off all packets via a /64 mask so all the packets go to you (just like an IPv4/32 goes to a NAT box and is passed by it to the LAN) for LAN routing. Note that a device can hide its MAC address by using a random number that does not match the MAC Address format so identification of the device for tracking purposes stops at the network interface (just like with a NAT Box).


So long as each user is given their own IPv6/64 network address this would avoid identification scaling issues vs the current use of an IPv4 address (i.e., treat the IPv6/64 masked address as the current IPv4/32 one is treated and you have the same granularity for graylisting/etc. purposes).

Thanks. Very helpful overview.

--
Sincerely

Hector Santos
http://www.santronics.com
jabber: hector(_at_)jabber(_dot_)isdg(_dot_)net
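
The granularity rule discussed in this message (key an IPv6 client on its /64 the way an IPv4 client is keyed on its /32), as an added example that is not part of the original thread. The names reputation_key and Greylist are hypothetical, the addresses are constructed from the documentation prefixes, and it assumes one /64 per customer as the message supposes.

```python
import ipaddress


def reputation_key(client_ip: str) -> str:
    """Collapse a client address to the unit tracked for greylisting:
    the full /32 for IPv4, the /64 network prefix for IPv6."""
    addr = ipaddress.ip_address(client_ip)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is really an IPv4 client.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    prefix = 32 if addr.version == 4 else 64
    # strict=False masks off the host bits (the low 64 bits for IPv6).
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


class Greylist:
    """Minimal greylist keyed on (network, sender, recipient)."""

    def __init__(self, min_delay: int = 300):
        self.min_delay = min_delay   # seconds a new triplet must wait
        self.first_seen = {}         # triplet -> time of first attempt

    def check(self, client_ip: str, sender: str, recipient: str, now: float) -> str:
        key = (reputation_key(client_ip), sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.min_delay else "tempfail"


if __name__ == "__main__":
    # Constructed sample: same /64, one MAC-derived and one random interface ID.
    eui64_host = "2001:db8:1:2:021a:2bff:fe3c:4d5e"
    random_host = "2001:db8:1:2:9c4e:11ff:7a02:3b1d"
    other_site = "2001:db8:1:3::25"

    gl = Greylist(min_delay=300)
    print(gl.check(eui64_host, "a@example.org", "b@example.net", now=0))     # first try
    print(gl.check(random_host, "a@example.org", "b@example.net", now=400))  # retry, new low 64 bits
    print(gl.check(other_site, "a@example.org", "b@example.net", now=400))   # different /64
    print(reputation_key("192.0.2.10"), reputation_key("::ffff:192.0.2.10"))
```

A site that was assigned a /56 or /48 spans several /64 keys under this rule, so the prefix length would need to be configurable to cover it.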

