To: dnsop@cafax.se
From: Måns Nilsson <mansaxel@sunet.se>
Date: Fri, 28 Mar 2003 15:22:12 +0100
In-Reply-To: <y7vvfy4q1kd.wl@ocean.jinmei.org>
Sender: owner-dnsop@cafax.se
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.

--On Friday, March 28, 2003 00:19:46 +0900 "JINMEI Tatuya" <jinmei@isl.rdc.toshiba.co.jp> wrote:

> As others pointed out, I admit the wording "security" was too broad.
> However, I don't see difference between "security" and "order" in
> terms of the tradeoffs between benefits and disadvantages.

Perhaps. I do not trust the data I get from reverse, not until DNSSEC. But, I might find it convenient to use for a first judgement -- is this a well kept host on a good network, regardless of its intentions?

> I see your frustration, but I'd respectfully say this is a subjective
> argument that cannot make a productive result. I, for one, have tried
> to be rather conservative and not to propose changing existing
> protocol/practices/implementations just because "we now have a new IP
> version." You may simply disagree, though.

Sure, it is subjective. And no, I am not trying to point you out. My apologies if so received.

>> I argue that while the number of available addresses will be perceived as
>> close to infinite when comparing v6 to v4, but I find it hard to believe
>> that the number of hosts will increase 79228162514264337593543950336
>> (2^128 / 2^32) times as soon as we have v6 deployment. On the contrary, I
>> believe that it will be gradual, pretty much as it was for v4, though I
>> think it will be considerably faster.
>
>> Therefore, the present techniques will be adaptable to v6, <snip>
>
> Probably they will, but this does not prohibit us from exploring a
> "better" solution (at least for those who don't think the current
> situation is best) that can be introduced gradually.

Of course. There is also a "legacy cost" associated with keeping the old system, should we decide to develop a new one. I am aware of that. I think that the force should be directed in configuration management; to develop protocols that allow us to autoupdate the present structure, and do so securely and trustworthy.

>> IPv6 is not magic, it is just more address space. When will people
>> understand?
>
> I don't know who are "people" or when the people will understand that,
> but I've never believed or said IPv6 is a magic. I've always
> understood it is essentially just more address space (though there are
> still some unique characteristics, of course.)

Again, nothing personal. Again, apologies if so received.

Now, there are (and these are the ones I mean) people who try to reform the routing system, both allocation-wise and in terms of router/host number relationships, not to mention site-local. I think this is unnecessary, and the one thing we need is more, working addresses. Moore /will/ deal with some of the non-problems people are trying to solve.

--
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.