BBC News - 'Fresh proposals' planned over cyber-monitoring
Florian Weimer
fw at deneb.enyo.de
Sun May 12 20:15:06 BST 2013
* Charles Lindsey:
> On Sun, 12 May 2013 10:07:04 +0100, Florian Weimer <fw at deneb.enyo.de>
> wrote:
>
>> * Charles Lindsey:
>>
>>> But I thought IPv6 did reserve a batch of numbers that would map into
>>> the IPv4 space (but not at the "bottom" of the IPv6 range).
>>
>> There are at least three different reserved /96 prefixes for mapping
>> IPv4 addresses. Except for the deprecated ::/96 prefix, these
>> mappings are incompatible with the IPv6 address architecture and its
>> requirements on the structure of global unicast addresses, so their
>> use on the IPv6 Internet is not permitted.
> That looks like a total shambles. How have they managed to reserve
> space in the IPv6 range, and at the same time not made it legal?
It seems I was mistaken. As Peter pointed out, valid global unicast
addresses can be formed from the 64:ff9b::/96 prefix. The ::ffff/96
prefix would work for that, too.
It's still bad that there are three different prefixes to choose from.
There's also a /48 prefix under 2002::/16 for every IPv4 address, but
that's a different transition mechanism which goes into the opposite
direction (sort of).
All this is quite confusing, smells like potential firewall evasion,
and generally encourages broad packet filtering.
> And is there no way such a facility could be added at this late
> stage?
You cannot improve IPv6 by adding new features, you have to remove
existing ones. That's the only way to get a useful protocol out of
it.
More information about the ukcrypto
mailing list