861 posts • joined 11 Jan 2008
Re: "the world is clinging stubbornly to IPv4"
"you don't need to persuade people to give up NAT to persuade them to move to IPv6."
People, in the sense of domestic or cell phone subscribers, don't need to know anything about it.
If you mean professionals running small office networks, they might need to know, but not necessarily.
If you mean professionals running enterprise or campus networks, they mostly know already. Including the knowledge that you can run your IPv4 connection through NAT+firewall, your IPv6 connection through firewall only, and get exactly the same security protection.
Re: "the world is clinging stubbornly to IPv4"
When it changes is when your home network includes internal routers and many wired and wireless segments that are not bridged together. That's coming real soon now and only with IPv6 and HNCP (Home Networking Control Protocol).
Re: "the world is clinging stubbornly to IPv4"
Just because a sensor has an IPv6 address doesn't mean it's exposed to the open Internet. Just because a baby alarm with an IPv4 address is behind a NAT doesn't protect it from a malicious user. Security is a completely separate thing from addresses, and NATs are not security devices.
Re: "the world is clinging stubbornly to IPv4"
The difference is that for IPv6, things work just fine without NAT. Your firewall works just the same in both cases.
Re: "the world is clinging stubbornly to IPv4"
Anybody running a web site who wants visitors will continue to run IPv4 indefinitely. Obviously. But what is happening now (in some countries but not others) is increasing numbers (I mean millions) of subscribers, especially cell phones, whose primary connection is IPv6, with IPv4 being a second-class service. As major sites react to this (as Google and Facebook did long ago), the major sites will support IPv6 natively as well as IPv4. Obviously, because they want to provide first class service to everybody.
That being so, it doesn't really matter when the elusive tipping point arrives. Sites will add IPv6 support one at a time. Subscribers will move to IPv6 without knowing it. One day you'll look around and it'll be all over.
Re: Not really a big issue
Salt water is not good for cables designed for normal duty. So as well as building the dykes round the equipment, you'd also have to replace the cables going inland. And you'd need to construct an access bridge or something. It's all presumably feasible, but costs real money.
...that will cause the Internet to fragment
No it won't. Splitting control over certain TLDs is the most that would happen, and that won't split the actual network.
the ultimatum card
I don't see why splitting off the authority over certain TLDs, if it could be achieved, would lead to splintering of the Internet in any way. These are only names, which map to IP addresses. The root servers would figure out where to get the authoritative records from, even if some TLDs were administratively under ICANN and others under EUCANN. Splitting the authority doesn't split the network.
That said, it is hard to see how ICANN can be so obtuse on this issue.
Re: @ Loyal Commenter
"Except on topics of sovereignty, economics, immigration, trade"
Those are all points that are either unaffected by Brexit, or made worse:
1. Sovereignty. EU members keep their sovereignty. Yes, a few matters are delegated to the EU but (as Poland and Hungary are currently showing in an unpleasant way) sovereign powers are not removed.
1a. Since Brexit would make both N.Ireland and Scotland much more likely to leave the UK within a few years, the sovereignty argument rings pretty hollow anyway.
2. Economics. Every serious analysis shows that Brexit will be disastrous for the UK economy. Multiple industrial groups have started moving operations out; the others are begging the government for a very, very soft Brexit. These aren't commentators or academics: these are literally the captains of industry. If they're worried, I'm worried.
3. Immigration won't stop after Brexit: when we need workers, they will come. Most people don't come here except to work, anyway.
4. Trade. See point 2. If we lose all our free trade agreements overnight as well as losing free access to the EU market, our trade in both goods and services will not stop dead, but it will decline dramatically, the balance of payments will get much worse, the £ will collapse further, and the country will be impoverished. Do you think food's expensive now? Just wait for Brexit.
Will the consolidated root servers have the capacity to function...
I haven't read the white paper, but I read this as talking about consolidating the number of operators, not the number of servers. In any case the server addresses are all unicast addresses, i.e. in reality there are many instances of each of the apparent 13. So I don't think there's any issue about redundancy and DDOS resistance; this is an admin thing.
The main benefit is that if the ISP has no more IPv4 addresses, you still get connected...
they definitely do IP address tracking
Not only Netflix. Gmail, for example, treats frequent IP address changes as suspect*. They seem to have improved a bit recently in how they handle IPv6 privacy addresses, but it can still be a problem.
*Tunnelbear into the UK and they tell you that somebody in Slough has got your password. But that's only IPv4 since Tunnelbear isn't doing IPv6 yet.
Re: "Where does the 4 to 6 interchange take place?"
You've missed the point - because there are still lots of IPv4-only sites, the traffic needs to be sent onwards over IPv4. As those sites progressively add IPv6 support (hello The Register, are you listening?), users won't need this as much, but as long as there's a single IPv4-only site in the world, this feature is needed.
What extra complication?
..."no reason why I'd want to my home network to be IPv6 - a lot of extra complication and hassle"
Really? Do you have any internal routers? If not, there's no hassle, it just works. If yes, once they have HNCP support, there's no hassle, it just works.
The Poles never get sufficient credit...
Actually, I don't recall reading a single history of the GCCS work that didn't start with the Polish work. So I think they do get due credit. Realising that purpose-built machines could attack weaknesses in machine-generated ciphertext was a major insight. However, their relatively simple Bombas worked against a relatively simple form of Enigma; it got precisely nowhere against military-grade Enigma as used during the war. Turing's Bombes were a good deal smarter.
Let's hope these were duplicate IPv4 addresses. Duplicate IPv6 would be unforgivable.
Re: The EU listen? Don't make me laugh
Actually, the EU policy makers do listen, not so much to the UN, but to stakeholders in the EU member states. That's one of the good things about being in the EU, as opposed to being outside but forced to adopt EU rules in order to obtain trading rights.
I'm fully aware of the issues ... ?
"I'm fully aware of the issues of using checksum but it's really the only simple option..."
So what earthly use is a simple option that doesn't work?
Oh, and my book, published by a major publisher's EU-based office, is readily available with a bit of Googling, from a site (guess where) outside the EU. Such a law is utterly trivial to defeat, and therefore utterly pointless, whether it uses trivial checksums or very sophisticated machine learning.
"Somehow a photo of the board does not restore confidence. I don't know fully why."
I think you'll find the same goes for any corporate board. What I don't quite get (being personally acquainted with at least 20 of the present or past board members) is how ICANN became so arrogant, for arrogant it certainly is. Without that problem, a lot of their decisions would be less inexplicable.
Of course, there's no way back now from the fundamental blunder of defining any new gTLDs at all.
Re: Perhaps we should think about building an EU internet?
We did that, in the late 1980s and the early 1990s. It works quite nicely. People seem to confuse TLD administration with running the actual Internet.
Re: The problem here...
"They are only bound by US regulations because they have a contract with the US Department of Commerce (USDOC)."
No they don't; that contract went away two years ago (fortunately, or we'd have Trump sticking his tweeter in). But as a California non-profit corporation, they are primarily bound by US and California laws. If they run operations in the EU, those are bound by EU and national laws. By asking for an injunction against a German company in a German court, they are accepting German and EU jurisdiction anyway.
As for the root servers, please get your facts straight. And watch out for the way Kieren always mixes facts and his personal opinions in any story about ICANN.
Re: Dictionary anyone?
> So when voting for BREXIT which part of the EXIT the voters didn't get?
All of it, in some cases, judging by TV interviews on the street the day after the referendum. Yes, people voted against David Cameron (in case you've forgotten, he was the toff who lived at 10 Downing St before Mayhem). But many of them didn't know what they were voting for, or thought it didn't matter because (a) it was only advisory and (b) they thought Remain would win anyway.
Big mistake, of course, but as events have shown even that female toff who said "Brexit means Brexit" didn't know, and still doesn't know, what "Brexit" really means. Well, it means things like being kicked out of Galileo, installing a hard border in Ireland, leaving Euratom with no way to buy spare parts for nuclear power stations, hundreds of lorries parked up on the M2 and M20, Scottish UDI, Irish reunification, collapse of international trade and so on. Enjoy!
The issue is not only the ISPs
It's service operators of all kinds (Vulture Central, I'm talking to you) that should have switched to dual stack years ago. The large ISPs and the CDNs are all there, but the small ones need an incentive, and that would be: zillions of web sites that work as well or better in v6.
But no need to sneer, progress continues, and we will get there. Just a bit later than originally hoped.
Re: Those brilliant minds who gave us IPv6
Well actually, they thought about coexistence since before the design was even chosen: RFC1671. IPv4 and IPv6 coexist perfectly. The underlying problem is that IPv4 (designed in the late 1970's) didn't provide any features to assist a version upgrade, except by including a version number. That makes interworking between IPv4 and IPv6 fundamentally hard. All that an IPv4-only device can do is barf when it receives an IPv6 packet. Please address all complaints to Bob Kahn and Vint Cerf.
"It would imply that 25% of the projected life of IPv6 is 42 years, meaning that even under this flawed plan it would have a life of ~126 years?"
I have no idea where those numbers come from. IPv6 allows for about 35 trillion networks with a /48 prefix under the space so far allocated to the registries, which is only 1/8 of the theoretical total space. The address space lifetime isn't even worth calculating. IPv6 may have a lifetime, but without idiocies like this ITU proposal, it isn't limited by address exhaustion.
> the old guard have had 20 years to get v6 to work and have failed
Please explain. The IPv6 network is already a great deal larger than IPv4 was 20 years ago, and is growing daily. Coexistence for many years was always part of the plan. I don't see failure there. You might as well say that electric cars have failed.
Re: Mapping plan
"The people who devised IPv6 were NOT engineers"
Wrong. And they were very aware of KISS, which is for example why the IPv6 header has a simpler structure than the IPv4 header, and why the original transition model was pure dual stack.
Things got complicated largely because of reluctance in the industry to adopt this simple transition plan.
"direct mapping from the public IPv4 addresses to a (tiny) subset of the IPv6 addresses."
Naturally this model was considered (in 1994 or thereabouts). Also, to keep the ITU happy, a mapping to OSI addresses was considered (also in 1994). The trouble is, neither of those models actually works. It's truly absurd that in 2018, the ITU comes up with a naive idea that was ditched more than 20 years ago.
The good news is that nobody who makes their living out of IP service provision will waste any time on this nonsense. IPv6 works well already; just use it.
It will probably be replaced by something else...
Let's hope not, above all not by the ITU. I promise you, that would be a hundred times worse.
What does "stopgaps to circumvent its issues" refer to, please?
Re: I hope ICANN loses completely.
That would be a bad outcome, if you'd like the Internet to run smoothly. And it probably won't happen - ICANN isn't actually planning to violate GDPR by publishing private information. And there isn't redundancy in requesting three contacts: owner (the person ultimately responsible), admin (the person to pay any fees involved), technical (the person to fix operational issues).
ICANN has been arrogant once in a while, but I don't think they've thumbed their nose at anybody's laws. As a corporation, they're bound by the law of their state of incorporation, which happens to be ca.us, but so is every corporation
Re: Also Broke BNZ in New Zealand
Must be a crap system design with no thought of resilience.
Many long years ago (before telephone exchanges were actually computers) I often phoned a friend whose number happened to end in 99. In those days, although the emergency number was 999, some electromechanical exchanges, if they received 99 and nothing else, would treat it as 999 after a certain timeout. So one time I phoned my friend, there was apparently a glitch while I was dialling, since the answer I got was "Emergency, which service do you require?" To which, somewhat surprised, I answered "Jesus Christ." They didn't put me through.
Re: I wonder what Kim Dotcom thinks of this?
I think you'll find he hates suppression orders. The more of the truth about his case that comes out, the shakier the US Government position appears.
fair and impartial hearing
"So it seems that you don't think that any attempt should be made to ensure a fair and impartial hearing..."
The thing is that NZ judges are absurdly fond of suppression orders compared to other countries. So because they routinely overdo it, it's almost impossible for the public to know which suppression orders are fair and in the interests of justice, and which are just protecting somebody's mates.
The irony is, of course, that it's a small country and it generally takes very little time to find out the identity if you're at all interested.
"Why did they have to completely redesign the protocol for IPv6?"
As often discussed here: IPv4 has no, repeat no, mechanism for indicating a different address length, so switching to a new IP version number was obligatory. And (in 1994 when these decisions were taken) there were a lot of known gotchas in IPv4, so IPv6 was redesigned to avoid them. Now, of course, there are workarounds for those gotchas, so people don't notice them so much.
Re: I can take a stab at it..
"1. Usability sucks"
Not true. Was maybe true 15 years ago.
"2. Massive capex required to replace incompatible kit"
Not true. You'll get IPv6 when you next update your kit anyway. That's why the preferred deployment is dual-stack, so you can run IPv4 as long as necessary.
"3. No real business case, when everything is sitting behind a thumping big NAT / NetScaler."
That depends very much on your scenario. But there's no urgency; just lie back and let it happen, which doesn't need a business case.
"4. The additional cost of making sure every wheezing business app is IPV6 compliant"
That's a real issue if you're at a point where you can't update those apps.
"5. The cost of MAKING all those wheezing old business apps IPV6 compliant."
That's #4 again.
"6. General business inertia to resist change, and avoid risk."
That's true. Dinosaurs go extinct for that reason.
"when you manage to get it by hook or crook, a lot of things break"
Not where I live, some km south-west of Australia
Must muster faster
"leave by the nearest door and if that was at the back of the building walk round the end of the building to the muster area"
One place I worked, the rules specifically instructed us not to evacuate by walking between the buildings to the muster area. We were told to leave the site, walk (don't run) round the block (at least half a km stroll) to reach the muster area at the other end of the car park.
It even made sense. Especially the day that the evacuation test included an actual, intentional, burning car, to the enormous delight of everybody including the local volunteer fire brigade.
NOT the IETF
Chiming in late to point out a major inaccuracy in the story:
The draft in question is not output from the IETF. It's input to the IETF.
It's an individual draft, written by an individual with strong opinions about privacy and about what the GDPR means, which has been posted for discussion. It has very little chance in its present form of being endorsed and published by the IETF.
You might try reading the "status of this memo" section of the draft.
Re: Follow the sun?
They may not be "too bad" but it takes us back 40 years in terms of getting problems fixed by people who understand the user's application scenario. Just all part of Big Blue's slow sunset, I guess.
Re: So what's important?
"IBM looks ok to me."
Great. How many of my shares would you like to buy?
... mostly just used by copyright cartels
It's mostly just used by copyright cartels to sue people anyway.
No. It may well be used for that, since a lot of people seem to think that the copyright laws don't apply to them personally, but it's intended for use to fix operational problems by identifying the responsible operator for an address block or a domain. (As I said re a previous story, which people don't seem to get, judging by the number of downvotes.) It's true that you don't need a personal name to provide that; it could be BOFH@example.co.uk, but that hasn't been the historical approach since whois was invented 30+ years ago.
Doesn't change the fact that ICANN is heading for a fall on this.
...no political overtones here at all.
Bug, not a feature
The self-destruction "feature" is familiar to poor sods using Lotus Notes for email; indeed screen grabs may be the only way to keep an email indefinitely, since no-copy also means no-print. In practice it becomes a bug when somebody sends a self-destroying email that contains information that is needed for future reference or subject to a legal retention requirement. I'm not sure that the "GMAIL ate my homework" argument is going to work in court.
I think that old email from Google about "don't be evil" has self-destructed.
Re: Unstable operation coming soon...
"The only difference is that our details won’t be available for anyone to access."
Exactly. So the public isn't able to discover who registered dodgybusiness.com without expensive and cumbersome due process. That seriously reduces consumer protection. Privacy is a two-edged sword and GDPR doesn't seem to recognise it. Fraudsters are pleased.
Unstable operation coming soon...
"the stable operation of the Internet's unique identifier systems" has been possible for many years because it's possible to discover who is (ab)using any particular registration. And contact them if necessary for operational purposes.
Changing this will make illicit or ham-fisted operations much harder to stop. It will be ironic if EU privacy rules make criminal activities easier to get away with.
Don't they need to get all registrants to sign a waiver?
I call BS
"Something like a coin flip may seem random, but its outcome could be predicted if one could see the exact path of the coin as it tumbles."
Sorry, but that's plain wrong. Everything is a quantum process; there are just a zillion zillion quanta in a coin toss, but ultimately the one quantum that determines whether the coin lands heads or tails is unpredictable. (Yes, that only applies to the small fraction of coin tosses that are too close to call from Newtonian mechanics, because of measurement error, but philosophically a coin toss is just as unpredictable as the health of Schroedinger's cat, and for the same reason.)
"he was not being serious?"
Maybe not, but there are hotels and the like that NAT 18.104.22.168/24 and whose gateways sit on 22.214.171.124, so they won't be able to use this new "service".
Lords start peer-to-peer wrangling
"The probe, announced today by the Communications Committee, will ask how governments should deal with the problems thrown up by the internet and the services that run on it."
Not a bad response time, only about 23 years since Internet content became an issue.
Re: Where are the Brexit fans?
What's vindictive about it? Why did anyone register in .eu in the first place? Presumably, because they were starting an EU-wide activity. If they plan to continue that activity after Brexit, they will need an office in the EU anyway, and they can switch the registration to there.
Nothing to see here, please move along.
Compared to the multitude of real economic, social and personal disasters that Brexit will cause, this is trivial.