Roger Jørgensen wrote:
Sent: Tuesday, October 26, 2010 1:53 PM
To: Fred Baker; IETF Discussion
Subject: Re: [Full-disclosure] IPv6 security myths
On Tue, Oct 26, 2010 at 10:39 PM, Fred Baker <fred(_at_)cisco(_dot_)com>
wrote:
<snip>
In the scope of things, wh does having one of out of the many needed
tools make
IPv6 different than IPv4, especially given that the indicated tool is
present in both
IPv4 and IPv6 implementations?
Scratch-a-my-head. I don't see it.
I have a feeling the idea that IPv6 add something to security might be
linked back
to the IPsec focus real early on in the IPv6 era, like years and years
ago.
Why it happen or how, I don't really know.
How it happened? --- Ever heard of NAT? At the time IPsec through nat did
not widely exist, and even implementations that figured out udp had the
problem that the cert often included a 1918 address which didn't match the
packet header source address. It is easy to forget context when bashing
something after the fact...
As Fred said there are many things that go into defining 'security'. Often
people that are too focused on their little corner of the world put a box
around the term 'security' to fit within their local context. People that
want to do something outside that box are by definition 'breaking security'.
Consider that there are many impossible-to-resolve situations like:
End user considers 'security' to mean "nobody except the recipient can see
this"
Network admin tasked with Intellectual Property protection considers
'security' to mean "I have to see everything to verify its content doesn't
violate security policy"
You can't have both of those cases at the same time, yet both definitions of
'security' are valid. When people force-fit their local context on someone
else's attempt to use the ambiguous term, misunderstanding and group-think
bashing closely follow.
Tony
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf