Another driver for v6?

Brandon Butterworth brandon at rd.bbc.co.uk
Wed Oct 29 02:53:56 CDT 2008


> They claim they will deploy IPv6 in their worldwide enterprise network, do 
> away with central based enterprise firewalls and do host-to-host 
> IPv6+IPSEC, Active Directory based certificates for authentication.

That's why we end up breaking end to end, to cover up for stuff that
exposes more than people are comfortable with

> All security would be host based.

Right, the last thing to trust based on experience so far

First they need to get rid of all the bots and other
malware before hosts can be trusted.

> as I am very tired of all the problems caused by multiple
> layers of NATs and PAT.

Likewise but more because people keep designing stuff to try and force
others to get rid of them, ignoring why they have them.

brandon




More information about the NANOG mailing list