Five Security Flaws in IPv6

Iljitsch van Beijnum iljitsch at muada.com
Sun May 13 21:07:06 CEST 2007


On 13-mei-2007, at 20:31, David Conrad wrote:

> God I hate that registry.

Get yourself hired by IANA and create something better.  :-)

> First, 7/8 isn't really reserved/unallocated, it is actually  
> allocated to DoD but they wouldn't let us update the registry to  
> reflect that allocation.

Interesting definition of "allocated". Mine is simpler: if it's  
"reserved" (or equivalent, it would be too easy to have the exact  
same word in the exact same place indicate the exact same status) but  
not for a particular purpose, then it's available.

> I had forgotten about 49 and 50, so the right answer is -8, however  
> I'm told a /8 "special needs" allocation is due to arrive at IANA  
> fairly soon,

What special needs?

And oh, I was a bit too nice in a previous message, saying that the  
7.0.0.0/8 mess was gone. That would be a different mess, as explained  
above. What I meant was that ARIN and RIPE both claim ownership of  
25.0.0.0, which could then easily be counted twice:

# grep "|25\.0\.0\.0" /htdocs/test/delegated-*
delegated-arin-latest:arin|GB|ipv4|25.0.0.0|16777216|19850128|assigned
delegated-ripencc-latest:ripencc|GB|ipv4|25.0.0.0|16777216|19950101|allocated

And now that I'm on a roll: 14.0.0.0/8 is marked as in use by IANA  
but not in any of the RIR records. This nicely cancels out 7.0.0.0/8  
which IS in the ARIN database, though.

>> My personal prediction: unless unprecedented changes happen, we'll  
>> be out of v4 somewhere in the second decade of the century, with  
>> 2012 or 2013 being the most likely year for that to happen.

> Optimist.  :-)

> "Past performance does not guarantee future results."  The  
> challenge with predicting the end of the worl^U IPv4 free pool is  
> that socio-economic factors are almost certainly going to come into  
> play (read: LAND RUSH!!!).

Especially when LIRs realize that they can lie through their teeth in  
their last request because the RIRs do their checking for a given  
block when the one after that is requested, which obviously never  
happens for a last request.  (-:

But I doubt this will make a lot of difference in the end. I don't  
think very many people will be able to land rush millions of  
addresses worth, only the ISPs using up these really large blocks  
today are likely to get away with that. Since those are 90% of the  
addresses given out, what happens with the other 10% is inconsequential.

When we're out of IPv4 addresses we'll finally see a decent incentive  
to move to IPv6. The majority of people will stick to IPv4 anyway, as  
the address depletion doesn't create any problems for people who  
already have all the addresses they need. But with IPv4 dead in the  
water, enough people will want IPv6 to get that ball rolling. I don't  
think anything else, not even porn, is going to do that, so let's not  
waste time telling people how good IPv6 is, let's just make sure that  
when they finally get around to wanting it, IPv6 and its  
implementations are mature and ready.
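
Added example, not part of the original post: the grep in the message finds one start address listed by two registries; this generalizes that check to any overlapping IPv4 ranges across RIR delegated-stats records and shows how far a naive sum over-counts. The two 25.0.0.0 lines are taken from the post; the other sample lines and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Record = namedtuple("Record", "registry start end status")

# The two 25.0.0.0 lines are from the post; the remaining lines are constructed.
SAMPLE = """\
arin|GB|ipv4|25.0.0.0|16777216|19850128|assigned
ripencc|GB|ipv4|25.0.0.0|16777216|19950101|allocated
arin|US|ipv4|192.0.2.0|256|20000101|assigned
ripencc|NL|ipv4|198.51.100.0|256|20000101|allocated
ripencc|NL|ipv4|192.0.2.128|128|20010101|assigned
"""

def parse(text):
    """Parse registry|cc|type|start|count|date|status lines, IPv4 only."""
    records = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        if len(fields) < 7 or fields[2] != "ipv4":
            continue  # skip header, summary, asn and ipv6 lines
        start = int(ipaddress.IPv4Address(fields[3]))
        end = start + int(fields[4]) - 1
        records.append(Record(fields[0], start, end, fields[6]))
    return records

def overlaps(records):
    """Pairs of records from different registries whose ranges intersect."""
    ordered = sorted(records, key=lambda r: (r.start, r.end))
    found = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.start > a.end:
                break  # sorted by start: nothing later can intersect a
            if a.registry != b.registry:
                found.append((a, b))
    return found

def totals(records):
    """Naive sum of record sizes versus distinct addresses after merging."""
    naive = sum(r.end - r.start + 1 for r in records)
    distinct, covered_to = 0, -1
    for r in sorted(records, key=lambda r: r.start):
        lo = max(r.start, covered_to + 1)
        if r.end >= lo:  # only count the part not already covered
            distinct += r.end - lo + 1
            covered_to = r.end
    return naive, distinct
```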

