Dive into the evolution of Internet security from the early days to the IPv6 era. Understand the impact of IPSEC and network security protocols in IPv4 and the astronomical address space of IPv6.
Security: IPv4 vs. IPv6. Is there a difference? Greg Travis, Indiana University, greg@iu.edu
In the beginning… • The Internet was infinitesimally small, and no one could comprehend its role in the future of society • Networks, as they grew, were built and run by benevolent lords • The security concern of the time was simply a nuclear war
In the beginning… • Security was the concern of the government • Cryptography was within the realm of dark projects • “Secure” communications were defined by the NSA
The IETF said “let there be Autonomous Systems and routing protocols” • and the Internet grew and grew • The NSF said “let there be commercialization” • and the Internet grew and grew and grew • Cisco said “let there be e-commerce” • and Cisco grew and grew
In 1993 the IETF said “the sky is falling” • Current state-of-the-art routers couldn’t hold the entire routing table • It was projected that class-B addresses, and eventually all addresses, would be exhausted • Creative IETF members said “we can fix things”, but each had his own plan
“If you’re giving away ice-cream, make sure the scoops are small” • The IETF said “let there be CIDR” • and classless interdomain routing became the efficient way to dole out IP addresses • Others in the IETF said “CIDR is nice, but we’re still going to run out of ice-cream” • “Wouldn’t it be nice to have an astronomical amount of ice-cream?” they wondered • Two years later, the IETF invented the equivalent of an astronomical amount of ice-cream: IPv6
Around the same time they were solving the ice-cream problem, the IETF also was dealing with security • SSL was standardized - now TCP connections could be encrypted without the user messing around with keys or passphrases • Standards were emerging for securing the network at the IP layer (would later be called IPSEC)
The difference between “may” and “must” • The IPv6 IETF standard (RFC ) specifies that a full implementation of IPv6 MUST support certain components of IPSEC • IPv4, which was defined before IPSEC, MAY support IPSEC • In reality, some IPv6 stacks don’t support IPSEC and many IPv4 stacks do. • There are no additional security features in IPv6! In fact, IPv4 does have additional required security features (but they’re not used)
IPv6 does have an astronomical number of addresses • This does allow for the flexibility to build network topologies which support attribution at the network layer. • You can make quite a mess with an astronomical amount of ice-cream.
The argument for IPv6 is to maintain the flexibility of supporting the end-to-end network model. IMHO, it has nothing to do with security.