BBC News - 'Fresh proposals' planned over cyber-monitoring

Florian Weimer fw at
Mon May 13 18:45:08 BST 2013

* Ian Batten:

> I simply don't understand this argument.  What is IPv6, if not IPv4
> with a small extension for a larger address space (and you say that
> as though it's not terribly important)?

If you look at typical IPv6 textbooks, they give you a long list of

* larger address space
* simplified address structure
* universal reachability of all end devices
* protocol header optimized for efficient forwarding
* more flexibility due to scoped addresses
* improved security through IPsec
* smaller routing tables due to aggregation
* stateless auto-configuration
* automatic renumbering between different provider aggregates
* no broadcasts
* improved multicast
* built-in mobility
* better for QoS with flow labels

A lot of that turned out to be totally undesirable, often for security
reasons.  For example, if the network is stateless, it cannot prevent
source address spoofing—it cannot keep state that tells it which
network port is associated with which address or set of addresses.
Similarly, I don't think we want our fridges to be reachable from the
public Internet at large, just because it happens to have an IPv4
address for our own (personal) use.

> TCP and UDP go over IPv6 unchanged, for example.

Stateless, RFC-compliant UDP servers are rather difficult to build
with IPv6.  (We didn't get that right with IPv4 first, either.)

Getting to the TCP/UDP header is quite different, too.  It can even be
in a completely different packet.

More information about the ukcrypto mailing list