nanog mailing list archives

Re: IPv6 end user addressing
From: Owen DeLong <owen () delong com>
Date: Thu, 11 Aug 2011 14:35:25 -0700


I respectfully disagree. If appliance manufacturers jump on the bandwagon to make their device *Internet Ready!* 
we'll see appliance makers who have way less networking experience than Linksys/Cisco getting into the fray. I highly 
doubt the pontifications of these Good Morning America technology gurus who predict all these changes are coming to 
the home. Do we really think appliance manufacturers are going to agree on standards for keeping track of how much 
milk is in the fridge, especially as not just manufacturing but also engineering is moving to countries like China? 
How about the predictions that have been around for years about appliances which will alert the manufacturer about 
impending failure so they can call you and you can schedule the repair before there's a breakdown? Remember that one? 
We don't even have an "appliance about to break, call repairman" idiot light on appliances yet.

What standards?  The RFID tag on the milk carton will, essentially, replace the bar code once RFID tags become cheap 
enough. It'll be like an uber-barcode with a bunch more information.

For keeping track of how much, cheap sensitive pressure transducers will know by the position of the RFID tag combined 
with the weight of the thing at that location in the refrigerator. There's no new standard required.

The technology to do this exists today. The integration and mainstream acceptance is still years, if not decades off, 
but, IPv6 should last for decades, so, if we don't plan for at least the things we can see coming today and already 
know feasible ways to implement, we're doomed for the other unexpected things we don't see coming.

But I predict the coming of IPv6 to the home in a big way will have unintended consequences.


Definitely.


I think the big shock for home users regarding IPv6 will be suddenly having their IPv4 NAT firewall being gone and 
all their devices being exposed naked to everyone on the internet. Suddenly all their security shortcomings (no 
passwords, "password" for the password etc) are going to have catastrophic consequences. I foresee an exponential 
leap in the number of hacks of consumer devices which will have repercussions well beyond their local network. In my 
opinion that's going to be the biggest problem with IPv6, not all the concerns about the inner workings of the 
protocols. I'm guessing the manufacturers of consumer grade networkable devices are still thinking about security as 
it applies to LANs with rfc 1918 address space behind a firewall and haven't rethought security as it applies to IPv6.


Sigh... 

Continuing to propagate this myth doesn't make it any more true than it was 10 years ago.

NAT != Security
End-to-End addressing != End-to-End connectivity

It will not be long before the average residential IPv6 gateway comes with a default deny all inbound stateful firewall 
built in. Once you have that, your hosts are not exposed naked to everyone on the internet. In fact, they are no more 
exposed than with NAT with the key difference being that if you choose to expose one or more hosts, you have the option 
of deliberately doing so.

Actually, I know for certain that most of the CPE manufacturers are participating in the effort to draft better 
security requirements for residential gateways as a current ID and hopefully an RFC soon. I believe, as a matter of 
fact, that this is a BIS document being intended as a more comprehensive improvement over the initial version.

Owen
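
Added example, not part of the original message and not any vendor's shipped configuration: a minimal nftables ruleset for the "default deny all inbound stateful firewall" the reply describes, with one deliberately exposed host. The interface names, table name, and the 2001:db8:: documentation address are assumptions.

```nft
#!/usr/sbin/nft -f
# Added illustration. WAN/LAN names and WEBHOST are assumed values.

define WAN = "eth0"                 # assumed upstream interface
define LAN = "br-lan"               # assumed home LAN interface
define WEBHOST = 2001:db8:1:1::80   # constructed address of the one exposed host

# Create-then-delete so the file can be reloaded without duplicating rules.
table ip6 homegw
delete table ip6 homegw

table ip6 homegw {
    # Traffic routed through the gateway to globally addressed LAN hosts.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to flows LAN hosts opened, plus related ICMPv6 errors
        # (packet-too-big etc.) that conntrack ties to those flows.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open new connections outbound.
        iifname $LAN oifname $WAN accept

        # Deliberate exposure: one host, one port. Everything else
        # unsolicited from the WAN falls through to the drop policy.
        iifname $WAN ip6 daddr $WEBHOST tcp dport 443 ct state new accept
    }

    # Traffic addressed to the gateway itself.
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Neighbor discovery and router advertisements are required for
        # IPv6 to function on either link.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert } accept

        # DHCPv6 client replies from the upstream router (link-local source).
        iifname $WAN ip6 saddr fe80::/10 udp dport 546 accept

        # Management and local services only from the LAN side.
        iifname $LAN accept
    }
}
```

With the `$WEBHOST` rule removed, unsolicited inbound reachability is the same as behind an IPv4 NAT with no port forwards, while every LAN host keeps its global address.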


