

To: dnsop@cafax.se
From: Måns Nilsson <mansaxel@sunet.se>
Date: Fri, 28 Mar 2003 15:22:12 +0100
In-Reply-To: <y7vvfy4q1kd.wl@ocean.jinmei.org>
Sender: owner-dnsop@cafax.se
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.



--On Friday, March 28, 2003 00:19:46 +0900 "JINMEI Tatuya / 神明達哉"
<jinmei@isl.rdc.toshiba.co.jp> wrote:

> As others pointed out, I admit the wording "security" was too broad.
> However, I don't see difference between "security" and "order" in
> terms of the tradeoffs between benefits and disadvantages.

Perhaps. I do not trust the data I get from reverse, not until DNSSEC. But,
I might find it convenient to use for a first judgement -- is this a well
kept host on a good network, regardless of its intentions? 

> I see your frustration, but I'd respectfully say this is a subjective
> argument that cannot make a productive result.  I, for one, have tried
> to be rather conservative and not to propose changing existing
> protocol/practices/implementations just because "we now have a new IP
> version."  You may simply disagree, though.

Sure, it is subjective. And no, I am not trying to point you out. My
apologies if so received.

>> I argue that while the number of available addresses will be perceived as
>> close to infinite when comparing v6 to v4, but I find it hard to believe
>> that the number of hosts will increase 79228162514264337593543950336 
>> (2^128 / 2^32) times as soon as we have v6 deployment. On the contrary, I
>> believe that it will be gradual, pretty much as it was for v4, though I
>> think it will be considerably faster. 
> 
>> Therefore, the present techniques will be adaptable to v6, <snip>
> 
> Probably they will, but this does not prohibit us from exploring a
> "better" solution (at least for those who don't think the current
> situation is best) that can be introduced gradually.

Of course. There is also a "legacy cost" associated with keeping the old
system, should we decide to develop a new one. I am aware of that. I think
that the force should be directed in configuration management; to develop
protocols that allow us to autoupdate the present structure, and do so
securely and trustworthy. 

>> IPv6 is not magic, it is just more address space. When will people
>> understand? 
> 
> I don't know who are "people" or when the people will understand that,
> but I've never believed or said IPv6 is a magic.  I've always
> understood it is essentially just more address space (though there are
> still some unique characteristics, of course.)

Again, nothing personal. Again, apologies if so received. Now, there are
(and these are the ones I mean) people who try to reform the routing
system, both allocation-wise and in terms of router/host number
relationships, not to mention site-local. I think this is unnecessary, and
the one thing we need is more, working addresses. Moore /will/ deal with
some of the non-problems people are trying to solve.

-- 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.
