🏴☠️
I assumed this was a 1 April publication but nope, it appears to be real. My favorite part is how it basically pretends IPv6 doesn't exist except for a couple mentions of basically "no one likes v6."
Timeline
Post
Remote status
Context
10
@cR0w I think we can safely assume adoption will be *zero* of this. The main lesson of IPv6 is that change on a global scale is very very hard.
@ClickyMcTicker I don’t expect any large vendors to expend any effort on this. If you can’t get MS and Cisco etc onboard then this is already dead man walking. No comment on whether it’s good or desirable, just this has a classic first mover disadvantage. You expend millions across your product line to make it compatible for something nobody wants. Does anybody with money want this enough to get those companies to do it? @cR0w
@dch @ClickyMcTicker @cR0w I really hope it's real because this dual stack world is terrible squared
@feld so we’d have … what a triple stack world? complexity and exploits cubed I guess @ClickyMcTicker @cR0w
@dch @ClickyMcTicker @cR0w why would it be triple stack? you put IPv6 in the bin where it belongs and you have a hybrid dual-stack where new infra can take advantage of the new address space and old infra works transparently
@feld @dch @ClickyMcTicker @cR0w
I don't know how anyone can take this seriously when this is in the draft: Every manageable element in an IPv8 network is authorised via OAuth2 JWT tokens served from a local cache.
I don't know how anyone can take this seriously when this is in the draft: Every manageable element in an IPv8 network is authorised via OAuth2 JWT tokens served from a local cache.
@phnt TBF that is when I stopped reading. The idea of having my network stack broken because of some as-yet undiscovered vuln in JWT is horrifying. I'm sure there is a really good idea behind that, so maybe that can be broken out into something useful elsewhere, without the OAuth2 / JWT bits. @feld @ClickyMcTicker @cR0w
@dch @feld @ClickyMcTicker @cR0w The idea behind it after reading through some of the draft is that it prevents unauthorized changes to the network.
When I join your network while not being authorized to do so, I should not be able to access anything on the network. Or at least that's how I understood it, since the draft is ambiguous about it and doesn't really explain it. So I guess things like ARP spoofing on a local network should then be impossible, because the responses aren't authorized by a valid JWT token.
When I join your network while not being authorized to do so, I should not be able to access anything on the network. Or at least that's how I understood it, since the draft is ambiguous about it and doesn't really explain it. So I guess things like ARP spoofing on a local network should then be impossible, because the responses aren't authorized by a valid JWT token.
@phnt @dch @ClickyMcTicker @cR0w
> So I guess things like ARP spoofing on a local network should then be impossible, because the responses aren't authorized by a valid JWT token
except if the client doesn't implement IPv8 and is operating in the backwards compat IPv4 mode, then I assume it has to accept the ARP spoofing?
> So I guess things like ARP spoofing on a local network should then be impossible, because the responses aren't authorized by a valid JWT token
except if the client doesn't implement IPv8 and is operating in the backwards compat IPv4 mode, then I assume it has to accept the ARP spoofing?
Replies
0
No replies yet.