Firewall Wizards mailing list archives

Re: IPv6 support in firewalls


From: Dave Piscitello <dave () corecom com>
Date: Thu, 23 Aug 2007 14:42:03 -0400

Marcus, a proposal nearly identical to what you suggest was one of the first presented at the IETF in the mid-1990s. At the time, the intelligentiaTF poo-pooed it as not being sufficiently forward-looking and innovative. It didn't consider 64-bit alignment. It didn't *fix* options. It didn't *fix* QOS. It didn't accommodate IP security in a "native" manner.

Happily, time wounds all heels. Over a decade later, and we've bent, twisted, tunneled, re-mapped, stretched, and NAT'd IPv4 until it does everything IPv6 promised - and now, all IPv6 brings to the table is a bigger field for addresses and an ungainly, unwanted and arguably unwarrantable transition scenario.

Jot down your proposal in an internet-draft. I bet you find a surprising number of technical folks who'll happily reconsider IPv6 deployment in favor of what I suggest you call IPkiss.

Oh, for the record, I was one of the folks who wrote OSI's network protocol (and yes, it is dog ugly, but name me a protocol developed by committee that isn't...). We didn't write it because we wanted to be remembered as a clever bunch. We wrote it because we didn't want to be remembered as the lame bunch of idiots who left public, switched networking in the hands of X.25 and ISDN operators, because in the early 1980s, the rest of the world wasn't about to adopt US DOD protocols, and because we figured any network layer datagram, no matter how ugly, would be a far sight better than living the rest of our networking lives under the thumb of network operators whose vision of broadband was 1 megabit per second.

Marcus J. Ranum wrote:
> Darren Reed wrote:
>> The only way that they can plan to do this is by specifying
>> that IPv6 is used - there is no other alternative.
>
> That's because nobody's looking for one. So IPV6 becomes
> both the question and the answer.
>
> This is remarkably familiar for those of us who survived
> the early days of the OSI wars. There was no alternative to
> OSI, either. Except for the simple little protocol that
> just worked.
>
> Left fill with zeroes, bump the version number, double the
> address space size, and let 'er rip. Sure, there'd be some
> details to sort out, but in terms of the complexity of
> cutting over to IPV6 it'd be a weekend job. The problem is
> that the people who COULD do it don't WANT to do it
> because they all want to be part of the clever bunch who
> wrote The Next Big Standard (by the way, that same
> thinking was what torpedoed OSI: one standard committee
> too many...)
>
> mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
