The FCC released a report in December 2010, Potential Impacts on Communications from IPv4 Exhaustion & IPv6 Transition. The report describes the near exhaustion of the IPv4 address space and introduces IPv6, citing support for adoption by all Internet addressing authorities and a long list of government and standards bodies, including US DoD, OMB and Federal CIO Council, ICANN, ISOC, the European Commission, the OECD, and the ITU. The paper offers a history lesson on network protocol transitions (NCP to TCP/IPv4 in the early 1980s). This is helpful for folks who are unfamiliar with terms such as "dual stack", "flag-day", and "offline" (hint: this is what happened to your network if you failed to complete your transition by the flag-day). The paper continues with an interesting discussion of potential issues. The pace of adoption is slow, largely because of a negative networking effect, a polite way of saying no one is converting because you can't reach much content using IPv6 once you do. The paper also cites consumer demand. Actually it admits, "there has not been consumer demand for IPv6". It also mentions that there is no flag-date, "no hard and fast deadline creating urgency, which has been key to other successful transitions" such as the US Congress mandated for digital TV (DTV). The paper finishes with a discussion of IPv6 transition methods, preparation, costs, NAT, and Security. The entire section on Security is reproduced below: "IPv6 is a new network protocol which will require new training, experience, and implementations. During the transition, new vulnerabilities could be introduced, and IPv4 security devices and software may be of limited use. As network operators have done when introducing anything new into networks, operators will have to work with and test IPv6 implementations in order to ensure security." |
|
I worry that the obvious is the most the FCC could find to say about security and IPv6. Was it wrong for me to hope that the paper would offer some information regarding the availability and quality of IPv6 security software and hardware? Or comment whether organizations would be able to deploy security measures in IPv6 nets that are commensurate with what they have in their IPv4 nets? I know that "security commensurate to IPv4" doesn't exactly set the bar very high, but the clock is ticking: has anyone done a thorough gap analysis yet? Care to share?