[LACNIC/Seguridad] Fwd: RFC 6434 on IPv6 Node Requirements (IPSec en IPv6)

[Fernando Gont]

On 12/27/2011 10:39 AM, Carlos M. Martinez wrote:
> I don't buy that IPv6 currently gives anyone a false sense of security.
> It has been argued in the past (wrongly) that IPv6 was to be more
> secure/fast/generally_nicer/<insert whatever here> than IPv4, when
> obviously it's not. But no one on the IPv6 camp is arguing that now.

I think that a general problem is that in many circles there seems to be
some sort of belief that pretending to ignore problems makes them go away.

As (yet) another data point, there was even a recent discussion in an
IETF WG regarding whether a document on "IPv6-only experiences"
(http://tools.ietf.org/id/draft-arkko-ipv6-only-experience-04.txt)
should be published as an RFC, with the major/real argument against such
publication being that that deescribing "brokenness" in an RFC might be
counterproductive, and the greatest argument in favor of publication was
along the lines of "the truth will save you". :-)
(part of the thread is here:
http://www.ietf.org/mail-archive/web/ietf/current/msg71137.html).

I don't think there has ever been any field in history on which the
humans have made progress without analyzing, debating, and working on
the existing problems and "missing pieces". IMO, what hampers IPv6
deployment is people ignoring IPv6, not people working or talking about it.

That aside, we've put online the slides of a talk I gave at the
1hackparaloschicos even, which provide a "high level" discussion of the
"IPv6 deployment" and "IPv6 security" issues, while still pretending to
be enjoyable :-). The slides are available at:
<http://www.si6networks.com/presentations/1hack2011/fgont-1hack2011-seguridad-ipv6.pdf>

Un abrazo,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont en si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492