BBC News - 'Fresh proposals' planned over cyber-monitoring

Florian Weimer fw at
Sun May 12 20:15:06 BST 2013

* Charles Lindsey:

> On Sun, 12 May 2013 10:07:04 +0100, Florian Weimer <fw at>
> wrote:
>> * Charles Lindsey:
>>> But I thought IPv6 did reserve a batch of numbers that would map into
>>> the IPv4 space (but not at the "bottom" of the IPv6 range).
>> There are at least three different reserved /96 prefixes for mapping
>> IPv4 addresses.  Except for the deprecated ::/96 prefix, these
>> mappings are incompatible with the IPv6 address architecture and its
>> requirements on the structure of global unicast addresses, so their
>> use on the IPv6 Internet is not permitted.

> That looks like a total shambles. How have they managed to reserve
> space in the IPv6 range, and at the same time not made it legal?

It seems I was mistaken.  As Peter pointed out, valid global unicast
addresses can be formed from the 64:ff9b::/96 prefix.  The ::ffff/96
prefix would work for that, too.

It's still bad that there are three different prefixes to choose from.
There's also a /48 prefix under 2002::/16 for every IPv4 address, but
that's a different transition mechanism which goes into the opposite
direction (sort of).

All this is quite confusing, smells like potential firewall evasion,
and generally encourages broad packet filtering.

> And is there no way such a facility could be added at this late
> stage?

You cannot improve IPv6 by adding new features, you have to remove
existing ones.  That's the only way to get a useful protocol out of

More information about the ukcrypto mailing list