On Oct 18, 2010, at 11:19 AM, Henning Brauer wrote:

> * Owen DeLong <o...@delong.com> [2010-10-18 18:29]:
>> The good news is that stateful inspection doesn't go away in IPv6.
>
> that is right.
>
>> It works just fine. All that goes away is the header mangling.
>
> that is partially true. it can work just fine, but all the bloat in v6
> makes it way harder to implement the state tracking than it should be.
>

Actually, the state tracking in IPv6 requires a little more memory, but, it's actually easier on the silicon and has significant improvements over IPv4 for ASIC parsing of the headers.

>> It's really unfortunate that most people don't understand the distinction.
>> If they did, it would help them to realize that NAT doesn't actually do
>> anything for security, it just helps with address conservation (although
>> it has some limits there, as well).
>
> right.
>
>> IPv6 with SI is no less secure than IPv4 with SI+NAT.
>
> well, it is. the extension headers are horrible. the v4 mapping horror
> is an insane trap, too. link-local is the most horrid concept ever.
> all hail 160 bit addresses.
>

We can agree to disagree.

Owen
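The step both posters are arguing about, shown as an added example that is not from either poster: before a stateful filter can key a state entry on an IPv6 packet, it has to walk the next-header chain to reach the transport header. The names `flow_key`, `build` and `MAX_EXT_HEADERS` are assumptions of this sketch, and the sample packets are constructed.

```python
import socket
import struct

GENERIC_EXT = {0, 43, 60}      # Hop-by-Hop, Routing, Destination Options
FRAGMENT, AH, TCP, UDP = 44, 51, 6, 17
MAX_EXT_HEADERS = 8            # assumed policy limit, not a protocol constant

def flow_key(packet: bytes):
    """Return (src, dst, proto, sport, dport) for a raw IPv6 packet, or None
    when no ports can be located (truncated, later fragment, unknown header)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    src = socket.inet_ntop(socket.AF_INET6, packet[8:24])
    dst = socket.inet_ntop(socket.AF_INET6, packet[24:40])
    nxt, off = packet[6], 40
    for _ in range(MAX_EXT_HEADERS + 1):
        if nxt in (TCP, UDP):
            if len(packet) < off + 4:
                return None
            return (src, dst, nxt) + struct.unpack_from("!HH", packet, off)
        if len(packet) < off + 8:
            return None
        if nxt in GENERIC_EXT:
            hdr_len = (packet[off + 1] + 1) * 8    # length in 8-octet units, minus 1
        elif nxt == AH:
            hdr_len = (packet[off + 1] + 2) * 4    # AH counts 4-octet units, minus 2
        elif nxt == FRAGMENT:
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return None    # later fragment carries no transport header
            hdr_len = 8
        else:
            return None        # ESP, ICMPv6, No Next Header, unknown: no ports
        nxt, off = packet[off], off + hdr_len
    return None                # chain longer than the policy limit

def build(first_nh: int, chain: bytes) -> bytes:
    """Constructed sample packet: 2001:db8::1 port 51515 -> 2001:db8::2 port 443."""
    payload = chain + struct.pack("!HH", 51515, 443) + bytes(16)
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), first_nh, 64)
    addrs = b"".join(socket.inet_pton(socket.AF_INET6, a)
                     for a in ("2001:db8::1", "2001:db8::2"))
    return fixed + addrs + payload

PAD = bytes([1, 4, 0, 0, 0, 0])                      # PadN option filling 6 octets
PLAIN = build(TCP, b"")
CHAINED = build(0, bytes([60, 0]) + PAD + bytes([TCP, 0]) + PAD)
LATER_FRAG = build(FRAGMENT, struct.pack("!BBHI", TCP, 0, 185 << 3, 7))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("chained", CHAINED), ("fragment", LATER_FRAG)):
        print(name, flow_key(pkt))
```

The plain and chained packets yield the same key, so one state entry covers both; the later fragment yields no key, which is the case a tracker has to settle by reassembly or by policy.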