[Info-vax] implementing IPv6 on the internet

Chris xxx.syseng.yyy at gfsys.co.uk
Sat Sep 24 15:27:23 EDT 2016


On 09/24/16 15:08, Dirk Munk wrote:

 >
 > Really? This will break SSL/TLS because there is a check on IP address.
 > When the DNS name and the IP address don't match the one on the
 > certificate, you will get a violation warning, and some browsers
 > refuse to connect altogether.

Ok, so what happens when the dynamically assigned DHCP address
from your V4 router changes, which can happen at any time? Same
problem, no connection, according to the above scenario. Of course
the client IP address isn't checked by itself, why should it?
However, the remote node's address is, which makes sense from the
point of view of security against remote node impersonation. I
see that often here, when the remote IP address of a test system
is changed, but I only have to delete the entry in ~/.ssh/known_hosts
to start over.

As I said, I'm not designing these routers. The top-of-the-head idea
was just brainstorming and even if it's wrong, there are obviously
many ways to solve the problem. You said it's impossible, which is
clearly untrue, since translating routers already exist according
to another poster. Also, ISPs must be using them to translate between
their backbone V6 feed and V4 subscribers. If that's incorrect, please
explain why.

All the docs I've read suggest that V4 and V6 will coexist for many
years and that translators will be used at ISP subscribers, together
with NAT. You don't like that, sorry, but that's reality...

Regards,

Chris



