[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
misunderstanding scale
- Subject: misunderstanding scale
- From: EWieling at nyigc.com (Eric Wieling)
- Date: Mon, 24 Mar 2014 15:04:54 -0400
- In-reply-to: <CAP-guGXeFppQ_oLfecc0asXP664x8Bqz2G-rt=P8uYaCKkSv5g@mail.gmail.com>
- References: <CAP-guGUhOYXDuuwZtYO0YFKfBxto+0+T2w4+KSCQ7L=dzw=MQQ@mail.gmail.com> <[email protected]> <CAP-guGXeFppQ_oLfecc0asXP664x8Bqz2G-rt=P8uYaCKkSv5g@mail.gmail.com>
Yes, that is exactly what IPv6 expects of us. The only surprising part is by all indications the IPv6 designers did not think this would be a problem.
-----Original Message-----
From: William Herrin [mailto:bill at herrin.us]
Sent: Monday, March 24, 2014 1:14 PM
To: Joe Greco
Cc: nanog at nanog.org
Subject: Re: misunderstanding scale
On Mon, Mar 24, 2014 at 8:31 AM, Joe Greco <jgreco at ns.sol.net> wrote:
>> all successful security is about _defense in depth_.
>> If it is inaccessible, unrouted, unroutable and unaddressable then
>> you have four layers of security. If it is merely inaccessible and
>> unrouted you have two.
>
> Time to give up two layers of meaningless security for the riches
> offered by the vastness of the new address space.
Hi Joe,
You'd expect folks to give up two layers of security at exactly the same time as they're absorbing a new network protocol with which they're yet unskilled? Does that make sense to you from a risk-management standpoint?
-Bill
--
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004