> On 27 Nov 2019, at 10:58, Sabri Berisha <sa...@cluecentral.net> wrote:
>
> ----- On Nov 26, 2019, at 7:59 AM, Willy Manga mangawi...@gmail.com wrote:
>
> Hi,
>
>> I would have said the very very minimum could be to invest in a
>> dual-stack 'proxy' for public-facing services; internal or external
>> solution, you have the choice.
>>
>> And why even do that ? Because the other side is not only on IPv4.
>
> Using a dual-stack proxy is not always an option. Source IP information may
> be needed on the app level for risk analysis, OFAC compliance, and copyright
> purposes. For example, Paypal will definitely use IP address information in
> its fraud risk analysis.
And existing proxies don’t already pass through the connecting IP address?
There are even header fields that are dedicated for this purpose [1].
Most web sites could be dual stacked today with zero issues. Web site analytic
tools already deal with IPv6 and have for years.
> That said, there are of course ways to do that while using a proxy. However,
> that will now require some for of development. Dev time better used to
> properly implement v6.
And the difference in time between reading the address from X-Forwarded-For: vs
directly is negligible.
> Unfortunately, I've been part of way to many discussions where the only thing
> a beancounter wants to know is: what is the short term effect of not doing it?
>
> Short term exec bonuses, short term decisions.
>
> Thanks,
>
> Sabri
[1] https://en.wikipedia.org/wiki/X-Forwarded-For
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
