[address-policy-wg] Re: [ppml] IPv6 addresses really are scarce after all
-
To: <michael.dillon@localhost, ietf@localhost
-
From: "Stephen Sprunk" stephen@localhost
-
Date: Mon, 27 Aug 2007 16:08:14 -0500
-
Cc: ppml@localhost, address-policy-wg@localhost
Thus spake <michael.dillon@localhost
In my experience Ethernet bridges and switches are not
designed with security as a goal. When they fail to transmit
all incoming frames on all interfaces, it is to prevent segment
overload or broadcast storms. There are many cases where
people have found ways, sometimes quite simple ways, to
receive Ethernet frames that are not addressed to them.
Given this backdrop, I am suggesting that a homeowner
may have several reasons for inserting routers (and router /
firewalls) into their home network, thus requiring the ability
to have multiple /64 IPv6 subnets. Architecture aside, this
is a pragmatic response to an information security issue.
Basically, because some people are too dense to use IPsec or SSL for traffic
they don't want observed, you want to greatly complicate the average home
network's design? That they should be more scared of, say, their spouse
sniffing their credit card numbers at home than the NSA and FBI tapping
their email and web browsing at the CO?
Sorry, but that's the wrong response to the wrong problem.
S
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
|
you are here: RIPE -> RIPE Maillists > Archives
