[External] Re: IPv6 uptake

• Previous message (by thread): [External] Re: IPv6 uptake
• Next message (by thread): [External] Re: IPv6 uptake
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Feb 19, 2024 at 9:00 AM Hunter Fuller <hf0002+nanog at uah.edu> wrote:
> I guess the point I'm making is, the methods we are using today for v6
> dual WAN, work fine for most people.

Hi Hunter,

I accept that point. It's wobbly on some of the details, but you're
talking "most" people, not everyone.


> There isn't really an advantage to using v4 NAT.

I disagree with that one. Limiting discussion to the original security
context (rather than the wider world of how useful IPv6 is without
IPv4), IPv6 is typically delivered to "most people" without border
security, while IPv4 is delivered with a stateful NAT firewall. If
ISPs got diligent about providing an IPv6 firewall to customers even
though they don't need to do so for the customer to use more than one
computer, there'd still be a security difference between internal
hosts that are externally addressable (a stateful firewall without
NAT) and internal hosts which are not. Security doesn't deal with
"most people," it deals with people savvy enough to find and exploit
the openings and errors in the software most people use.

Regards,
Bill Herrin


-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/

• Previous message (by thread): [External] Re: IPv6 uptake
• Next message (by thread): [External] Re: IPv6 uptake
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]