On 2010-08-27 11:10, Dave CROCKER wrote:
On 8/26/2010 2:27 PM, Brian E Carpenter wrote:
Apart from that, it's scare-mongering. Consider that
the basic model for IPv6 is not fundamentally different than IPv4;
why would the underlying security vulnerabilities be fundamentally
different?
well, just to give that question its due, interesting changes in details
can sometimes produce interesting changes in the behavior of a model and
therefore of its implications.
in this case, the vastly larger address space of IPv6 permits attackers
to switch to new addresses at a rate that was not possible with IPv4.
this is likely to defeat the substantial infrastructure of
attack-tracking that is address-based, such as for anti-spam.
True, but the same property means that scanning attacks are infeasible
against IPv6 subnets. Attack tracking based on subnets may work
fine, though. Swings and roundabouts.
Anyway - nobody is saying that there are no security issues with IPv6.
Brian
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf