ipv6 & login frame
martin at millnert.se
Fri Oct 5 09:13:58 CEST 2012
On Fri, 2012-10-05 at 08:55 +0200, Ignatios Souvatzis wrote:
> On Thu, Oct 04, 2012 at 09:59:11PM +0300, Liviu Pislaru wrote:
> > hi,
> > i'm deeply surprised to see that if i'm using IPv6 i cannot login on
> > this website (http://www.arbetsformedlingen.se) and i even get an
> > explicit message. (see the links below)
> > https://www.dropbox.com/s/tzuom0p1ka3tpgz/v6_login_english.png
> > https://www.dropbox.com/s/tbxvkkmjwi8sxq5/v6_login.png
> > do you know about similar issues with any other website ?
> > does anyone has an explanation for this ?
> > security issues, geolocation issues ... what do they want to avoid ?
> They simply have enabled AAAA for the machine, and didn not disable
> IPv6 for Apache, but have something dependent on IPv4 in their
> database. It might just be a stupid CMS from last century.
> Lots of people warn against this practice, e.g. me in a talk in 2009.
>  http://theory.cs.uni-bonn.de/~ignatios/bgnw.vortrag.pdf, page ca. 30.
> Sorry, German language
This is well-known within the Swedish ISP community and at least one of
our fellow ipv6-ops subscribers just recently escalated this to the
Swedish regulatory authority. There is a severe lack-of-clue problem +
a large-organisation problem in play. We (ok, mostly friends) have been
trying to help them for what, close to 6 months now? Some ITIL / Change
Request method in combination with lack of clue that explains this
cl**ster***k I guess.
More information about the ipv6-ops