←back to thread

The IPv6 Transition

(www.potaroo.net)
215 points todsacerdoti | 4 comments | 20 Oct 24 05:54 UTC | HN request time: 0s | source
Show context
kalleboo ◴[20 Oct 24 07:22 UTC] No.41893589[source]
The internet stopped being a network of peers where everyone needed an address and is now a split into producers (a handful of large companies) and consumers (everyone else).

The consumers are not expected to need a public address where they can be reached - in fact, having a public address is actually a security and privacy risk.

replies(3): >>41893910 #>>41898097 #>>41898172 #
1. redprince ◴[20 Oct 24 08:35 UTC] No.41893910[source]
That was in fact one of the promises of IPv6: Restore the network of peers where every host is in principle a server and a client and communication between peers is unhindered unless a policy is enforced saying otherwise (on the machine, on a firewall, etc.).

> having a public address is actually a security and privacy risk.

Services can be turned off or a firewall instructed not to pass traffic from the internet (by default). That represents exactly the same attack surface as having a service enabled and nobody being able to get to it from the internet because of NAT.

The privacy risk is mitigated by RFC4941 "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". Granted that does not deal with the (delegated) prefix staying the same and when there are only one or very few users in that prefix, some individual behavior could be inferred. Because of that at least in Germany we have the peculiar horror of getting the IPv6 address and all delegated prefixes changed on every redial. That eliminates all privacy concerns while also continuing to make residential internet connections useless for hosting any services.

Anyway. The internet is already way down the road of functioning only as the delivery conduit for a few cloud / service providers mediating all user communication and access to content.

replies(1): >>41898691 #
2. Affric ◴[20 Oct 24 21:37 UTC] No.41898691[source]
> in Germany we have the peculiar horror of getting the IPv6 address and all delegated prefixes changed on every redial.

This is oh so very German.

In normal times it is massively overkill. I have to wonder if, heaven forbid, the things these sort of German things are meant to mitigate come to pass again if they will make any difference or if they are a largely symbolic act designed to demonstrate ideological opposition to such things.

replies(2): >>41899306 #>>41901522 #
3. kiwijamo ◴[20 Oct 24 23:17 UTC] No.41899306[source]
This seem to be common. My RSP (ISP) only offers a fixed IPv6 address/prefix on request -- otherwise they will just allocate one out of their pool as they do for dynamic IPv4 (although both dynamic IPv4 and IPv6 is fairly sticky so normally DHCP/PPPoE connections will get the same address previously used as long as it hasn't been reallocated). I personally have a static IPv4 address and a static IPv4 address/prefix from my RSP for my home network.
4. magicalhippo ◴[21 Oct 24 07:16 UTC] No.41901522[source]
Got the same here in Norway. I've had the same dynamic IPv4 address from my ISP since I moved here over 6 years ago. I get a new IPv6 prefix every time the line goes down, modem needs reboot, moon is full etc.