On 24 mar 2010, at 13.22, Mark Townsley wrote:

>>>
>> If we believe that the attacks that today exist in IPv4 won't exist in IPv6 I think we are highly underestimating the investments in the underground economy. I am convinced we will see the same level of attacks and exploits for IPv6 as for IPv4. That said, I am not convinced that any security in the CPE will protect against that, just as NAT didn't protect in IPv4. However, I don't think that is the issue that we are trying to address with the simple security draft.
>>
> Application level attacks will surely be the same.
>
> L3/L4 attacks will match the vulnerabilities of the OSes under attack. 90s and early-2000 era IPv4-only stacks are different than today's IPv6 (and IPv4) stacks. There will definitely be overlap in both vulnerabilities and attack methods, but I still think it will be a subset of what we saw in yesteryear.

I would agree with this, but I also think that the current simple security draft does address that overlap.

> I do think that CPE security could protect against future attacks, just not the CPE security defined in draft-ietf-v6ops-simple-security...

Could you elaborate in more detail what you think should change?

Best regards,

- kurtis -