Subj : IPV6 (Was "Notice that...")
To   : tenser
From : Arelor
Date : Wed Feb 16 2022 18:30:47

  Re: Re: Notice that...
  By: tenser to Arelor on Thu Feb 17 2022 11:38 am

 >  Ar> Ipv6 is a poor substitute for ipv4,
 > 
 > Why do you say that?

It came with SLAAC, which is insufficient for doing anything remotely
interesting (it cannot convey all the range of information typically provided
over DHCP) so if you want to deliver, say, ntp information, you end up using
DHCP anyway. Lots of deployments come with SLAAC but only DHCPv4 which is very
WTF.

Lots of ISP gear cannot properly delegate subs so you cannot subsegment your
own LAN with INternet routable subs unless you do the sort of ugly thing IPV4
was supposed to address (I am lookint at you, NAT). With the agravant that many
applications that run fine over NAT44 won't run over NAT66 (eg. I2P software)
so even the ugly hacks won't work.

IN order to get proper delegation of subs from your ISP you need to configure
the firewalls according to an RFC nobody pays attention to, it is poorly
understood by a lot of users (including admins), so in practice people blocks a
lot of ICMP traffic that is required as per the RFC because they have not a
clue and then they wonder why stuff is not working.

Bonus points because predictable addresses kill any privacy, end-to-end
connectivity is still not guaranteed because people will still place their LANs
behind firewalls, and the counter-measures to privacy threats are as messy as
you would expect.

I know a lot of this stuff is an implementation problem and that if everything
happened according to standards it would be golden, beautiful, and everybody
would be happy ever after. However, until I see wide deployments of sufficient
quality, I will label it as *CrAp*.

This ipv6 deal reminds me of the UEFI standard. An admin I know liked it so
much because he liked the Secure Boot stuff and the fact the specification
allowed properly key management and signing your own kernels for booting. WHen
people told him that UEFI sucked in consumer grade laptops becase they could
not sideload their own keys, he labeled the complainers as wannabes and losers.
After all, all the server grade systems he used alowed nifty UEFY tricks, so
complainers had to be trolls.

Then he purchased a UEFI laptop, and discovered the losers were right.

--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.14-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

.