To: Måns Nilsson <mansaxel@sunet.se>
Cc: dnsop@cafax.se
From: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
Date: Fri, 28 Mar 2003 00:19:46 +0900
In-Reply-To: <693620000.1048698209@localhost>
Sender: owner-dnsop@cafax.se
User-Agent: Wanderlust/2.6.1 (Upside Down) Emacs/21.2 Mule/5.0 (SAKAKI)
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.
>>>>> On Wed, 26 Mar 2003 18:03:29 +0100,
>>>>> Måns Nilsson <mansaxel@sunet.se> said:

>>> Security usage of reverse ...

>> Can we all really agree on this point? I know many people in this
>> thread (regardless of their position about reverse mapping) said a
>> similar point, but I still see those who believe in the "security
>> benefit" of reverse mapping.

> I think people confuse "security" with "order". For instance, several IRC
> servers only let people in if forward and reverse match. This is just a
> simple test, just to see if the client in some fuzzy way comes from "the
> right side of the tracks". It does echo of "security", but it is really
> just a matter of "order". The same goes for ftp servers.

As others pointed out, I admit the wording "security" was too broad.
However, I don't see a difference between "security" and "order" in terms
of the tradeoffs between benefits and disadvantages.

>> Such approaches will include:
>>
>> - wildcard reverse mapping for some upper zone
>> - ICMPv6 node information queries

> I think, to a certain extent, that these proposals are the result of the
> approach "Now we have a new IP version. Let's change everything that has
> annoyed us even a little bit, be it only from an aesthetic point of view"
> which has shown itself in various places in discussions wrt IPv6.

I see your frustration, but I'd respectfully say this is a subjective
argument that cannot make a productive result. I, for one, have tried
to be rather conservative and not to propose changing existing
protocol/practices/implementations just because "we now have a new IP
version." You may simply disagree, though.

> I argue that while the number of available addresses will be perceived as
> close to infinite when comparing v6 to v4, I find it hard to believe
> that the number of hosts will increase 79228162514264337593543950336
> (2^128 / 2^32) times as soon as we have v6 deployment. On the contrary, I
> believe that it will be gradual, pretty much as it was for v4, though I
> think it will be considerably faster.

> Therefore, the present techniques will be adaptable to v6, and with
> increasing automation (dhcp/dns interaction, dynamic updates,
> autogeneration based on arp tables, and the old-fashioned
> $EDITOR-in-zonefile), what have you, will be sufficient until we know (as
> opposed to guessing) what number of hosts will be typically deployed.

Probably they will, but this does not prohibit us from exploring a
"better" solution (at least for those who don't think the current
situation is best) that can be introduced gradually.

> IPv6 is not magic, it is just more address space. When will people
> understand?

I don't know who "people" are or when the people will understand that,
but I've never believed or said IPv6 is magic. I've always understood
it is essentially just more address space (though there are still some
unique characteristics, of course.)

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@isl.rdc.toshiba.co.jp

#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.
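The "forward and reverse match" test that the quoted IRC and FTP servers apply, written out as an added example (not code from anyone in this thread): it resolves the PTR name for an address, then checks that the name's A or AAAA record points back to the same address, for both IPv4 and IPv6 nibble-format reverse names. The zone data and host names are constructed, and `fake_resolve` stands in for a real resolver.

```python
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

# Constructed zone data standing in for a live resolver (hypothetical hosts).
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    # IPv4 host whose forward and reverse records agree
    ("4.3.2.1.in-addr.arpa", "PTR"): ["good.example.net"],
    ("good.example.net", "A"): ["1.2.3.4"],
    # IPv6 host whose forward and reverse records agree (nibble reverse name)
    (ipaddress.ip_address("2001:db8::1").reverse_pointer, "PTR"): ["v6host.example.net"],
    ("v6host.example.net", "AAAA"): ["2001:db8::1"],
    # PTR that names a host whose forward record does NOT include the address
    ("8.7.6.5.in-addr.arpa", "PTR"): ["liar.example.org"],
    ("liar.example.org", "A"): ["9.9.9.9"],
}


def fake_resolve(name: str, rrtype: str) -> List[str]:
    """Minimal resolver over the constructed data; empty list means no answer."""
    return FAKE_DNS.get((name.lower(), rrtype), [])


def forward_confirmed(addr: str,
                      resolve: Callable[[str, str], List[str]] = fake_resolve
                      ) -> Optional[str]:
    """Return the first PTR target whose A/AAAA lookup contains addr, else None.

    This only shows that whoever controls the reverse zone for addr and the
    forward zone for the name agree with each other; it is a consistency
    ("order") check, not an authentication of the client.
    """
    ip = ipaddress.ip_address(addr)
    fwd_type = "AAAA" if ip.version == 6 else "A"
    # reverse_pointer builds the in-addr.arpa / ip6.arpa owner name for us
    for host in resolve(ip.reverse_pointer, "PTR"):
        host = host.rstrip(".")
        for fwd in resolve(host, fwd_type):
            try:
                if ipaddress.ip_address(fwd) == ip:
                    return host
            except ValueError:
                continue  # skip malformed forward data rather than fail
    return None
```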