Five Security Flaws in IPv6
Iljitsch van Beijnum
iljitsch at muada.com
Sun May 13 21:07:06 CEST 2007
On 13-mei-2007, at 20:31, David Conrad wrote:
> God I hate that registry.
Get yourself hired by IANA and create something better. :-)
> First, 7/8 isn't really reserved/unallocated, it is actually
> allocated to DoD but they wouldn't let us update the registry to
> reflect that allocation.
Interesting definition of "allocated". Mine is simpler: if it's
"reserved" (or equivalent, it would be too easy to have the exact
same word in the exact same place indicate the exact same status) but
not for a particular purpose, then it's available.
> I had forgotten about 49 and 50, so the right answer is -8, however
> I'm told a /8 "special needs" allocation is due to arrive at IANA
> fairly soon,
What special needs?
And oh, I was a bit too nice in a previous message, saying that the
220.127.116.11/8 mess was gone. That would be a different mess, as explained
above. What I meant was that ARIN and RIPE both claim ownership of
18.104.22.168, which could then easily be counted twice:
# grep "|25\.0\.0\.0" /htdocs/test/delegated-*
And now that I'm on a roll: 22.214.171.124/8 is marked as in use by IANA
but not in any of the RIR records. This nicely cancels out 126.96.36.199/8
which IS in the ARIN database, though.
>> My personal prediction: unless unprecedented changes happen, we'll
>> be out of v4 somewhere in the second decade of the century, with
>> 2012 or 2013 being the most likely year for that to happen.
> Optimist. :-)
> "Past performance does not guarantee future results." The
> challenge with predicting the end of the worl^U IPv4 free pool is
> that socio-economic factors are almost certainly going to come into
> play (read: LAND RUSH!!!).
Especially when LIRs realize that they can lie through their teeth in
their last request because the RIRs do their checking for a given
block when the one after that is requested, which obviously never
happens for a last request. (-:
But I doubt this will make a lot of difference in the end. I don't
think very many people will be able to land rush millions of
addresses worth, only the ISPs using up these really large blocks
today are likely to get away with that. Since those are 90% of the
addresses given out, what happens with the other 10% is inconsequential.
When we're out of IPv4 addresses we'll finally see a decent incentive
to move to IPv6. The majority of people will stick to IPv4 anyway, as
the address depletion doesn't create any problems for people who
already have all the addresses they need. But with IPv4 dead in the
water, enough people will want IPv6 to get that ball rolling. I don't
think anything else, not even porn, is going to do that, so let's not
waste time telling people how good IPv6 is, let's just make sure that
when they finally get around to wanting it, IPv6 and its
implementations are mature and ready.
More information about the ipv6-ops