> On Jan 5, 2011, at 9:17 PM, Joe Greco wrote:
>
> >>> It has nothing to do with "security by obscurity".
> >>
> >> You may wish to re-read what Joe was saying - he was positing sparse
> >> addressing as a positive good because it will supposedly make it more
> >> difficult for attackers to locate endpoints in the first place, i.e.,
> >> security through obscurity. I think that's an invalid argument.
> >
> > That's not necessarily security through obscurity. A client that just
> > picks a random(*) address in the /64 and sits on it forever could be
> > reasonably argued to be doing a form of security through obscurity.
> > However, that's not the only potential use! A client that initiates
> > each new outbound connection from a different IP address is doing
> > something Really Good.
> >
> If hosts start cycling their addresses that frequently, don't you run
> the risk of that becoming a form of DOS on your router's ND tables?

It could, but given the changes we've seen in the last twenty years, I
have no reason to expect that this won't become practical and commonplace
in IPv6. I think it is a matter of finding the right enabling technologies,
and as others have noted, what currently exists for IPv6 isn't necessarily
the best-of-breed.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.