
Re: Review: draft-ietf-v6ops-nap-01.txt



At 08:10 23/08/2005 +0200, Stig Venaas wrote:
On Tue, Aug 23, 2005 at 02:12:08PM +0930, Mark Smith wrote:
[...]
> This certainly isn't a perfect solution, however, it could be an
> improvement over some of the other techniques mentioned.
>
> Any thoughts ?

My thought is basically that it might work, but adds a lot of complexity.
As do the other proposed mechanisms. I would not deploy them, but then
I never understood why people are so concerned about hiding topology. I
guess someone that for some reason thinks it important might want a
solution. I would rather try to understand why people want to hide their
topology and hopefully explain why it's not important, rather than
presenting solutions adding complexity to the network though...

I suppose it's just the vain feeling/perception of having security by obscurity.


Having a hidden topology may make no real difference for a real attack, however
it may increase the threshold for the not so expert attackers, while at the same time
it provides a comfort feeling to the network administrator that he has one additional
(yet virtual) barrier the hacker has to go through. I'm not saying that this is a
good thing, however, people are by general behavior consistent in keeping a belief
in old habits and convictions.


Unfortunately the industry need for having a tool to provide topology hiding is
real.... and is very easy to deploy in the IPv4 world by using address translation, hence
the IPv6 community better provide some solution for this and the MIPv6
one seems most appropriate to me at the moment. (The /128 ULA's is a different
story)


Groetjes,
G/


Stig

>
> Thanks,
> Mark.