North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: v6 subnet size for DSL & leased line customers
In a message written on Wed, Dec 26, 2007 at 09:19:54PM +0100, Iljitsch van Beijnum wrote: > Many switches can enforce a MAC/port relationship, so that MAC > addresses can't be spoofed. Which gets to the crux of my question. If you're a shop that uses such features today (MAC/Port tracking, DHCP snooping, etc) to "secure" your IPv4 infrastructure does IPv6 RA's represent a step backwards from a security perspective? Would IPv6 deployment be hindered until there is DHCPv6 snooping and DHCPv6 is able to provide a default gateway, a-la how it is done today in IPv4? It would be very interesting to me if the answer was "it's moot because we're going to move to CGA's as a step forward"; it would be equally interesting if the answer is "CGA isn't ready for prime time / we can't deploy it for xyz reason, so IPv6 is less secure than IPv4 today and that's a problem." -- Leo Bicknell - [email protected] - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - [email protected], www.tmbg.org Attachment:
pgp00021.pgp
|