IPv6 was actually late, because the growth of the internet was not expected. IPv6 should have existed before the whole NAT came into general use. That's why we didn't switch in 1994.
Well 6to4 is a mess, use a proper tunnel service.
Peak Oil has already happened, prices have been jumping up and down since 2001 or something or other, just as they predicted.
It's not a protocol, it's a workaround we kind of got into a working state.
You have a belt?
OK, let's start with number one: with IPv6 everyone will get their own subnet when they connect with an ISP. Subnet means you are allowed to have reverse DNS-nameservers. All you need is your own domain.
It could just be: my-family-name.cable-isp.tld
If you have this, you can make: fridge1.cable-isp.tld
When those things happen, I wouldn't be surprised if your IPv6-enabled cable-/DSL-router will also include its own publicly addressable nameserver.
Now for the second problem.
Ever heard of Mobile-IP?
You have a roaming device which connects back to a device (at home for example) which has an extra static-address which just forwards traffic to the IP that moves around (think of road-warrior IPSec or similar).
To add to that.
If enough people are willing to pay extra there will be more money available to make it more reliable.
Also a lot of technology just exists to make things more efficient, it's a good investment. A little more money up front, but a whole lot less money over time.
With IPv6 you wouldn't even need to block ICMP. If you use auto-configuration, you will be using a 16-byte IPv6-address derived from an 8-byte subnet-address and a 6-byte MAC-address. Just to give you an idea, IPv4-addresses are only 4 bytes. So it takes months to scan your subnet.
There is a privacy-option in IPv6, which changes your IP-addresses randomly every x amount of time (for new destinations for outbound connections).
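Added example, not part of the original comments: a sketch of the autoconfigured address described above (a /64 prefix plus a MAC-derived interface identifier), with a check that reports which addresses expose the MAC and so would benefit from the privacy option. The prefix, MAC, sample addresses and probe rate are constructed for illustration.

```python
import ipaddress

def slaac_eui64(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Build the autoconfigured address: /64 prefix + modified EUI-64 of the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC expects a /64 prefix")
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("MAC must be 6 bytes")
    # Insert ff:fe in the middle and flip the universal/local bit (RFC 4291, App. A).
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return net[int.from_bytes(iid, "big")]

def embedded_mac(addr: str):
    """Return the MAC exposed by an EUI-64 address, or None if the IID looks opaque."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{x:02x}" for x in mac)

def sweep_years(probes_per_second: float) -> float:
    """Time to probe every interface identifier in one /64 at a given rate."""
    return 2**64 / probes_per_second / (365 * 24 * 3600)

# Constructed sample data: documentation prefix, made-up MAC and addresses.
SAMPLE_ADDRS = [
    str(slaac_eui64("2001:db8:1:2::/64", "00:11:22:33:44:55")),
    "2001:db8:1:2:8d3c:51a7:e09b:4f12",  # random-looking IID (privacy option)
]

def audit(addrs):
    """Map each address to the MAC it exposes (None = nothing recoverable)."""
    return {a: embedded_mac(a) for a in addrs}

if __name__ == "__main__":
    for a, m in audit(SAMPLE_ADDRS).items():
        print(a, "->", m or "no embedded MAC")
    # Assumed rate of one million probes per second.
    print(f"full /64 sweep: {sweep_years(1e6):,.0f} years")
```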
If there was an abundance of IP-addresses they wouldn't need to ask for so much money.
I suggest using the mail-submission-port and authentication with SSL. And only use a 'real' mailserver for handling port 25 traffic.
Well it's not mine.
I just pointed out, yes one exists, I've never used or tried it.
There is an RFC-draft for using DNSSEC to check BGP-announcements.
A proper secure protocol for doing DNS-updates would be nice too (DHCP etc.).
And switch vendors starting to implement RA-guard.
Yes, there is one:
http://www.nlnetlabs.nl/dnssec/drill_extension.html
Totally agree that things like opportunistic encryption would be great, although I'm sure we'll get to see a lot of bugs and issues first before things get better.
You are mostly correct, actually it's even worse.
This creates a false sense of security, because DNSSEC only works for those that support it and only works automatically for those TLDs that have it set up.
There is something called DNSSEC Look-aside Validation (DLV) which DNS-admins can use to manually set up validation of a TLD, or in this case .gov, but I doubt anyone will do it.
The only good thing is the software and procedures get tested better if .gov also starts using it.
And maybe every DNS-admin 'inside' .gov will set up the DLV manually, that way all communication between .gov's might be better protected.
Ohh, you want to buy it?
I'm sorry, but you completely missed the point of proprietary shrinkwrapped software.
You don't buy it, you pay for a license to use it.
And how you are allowed to use it, is specified in the license.
I wouldn't be surprised if you don't even own the CD or other media the software came on when you paid for it.
You are at the mercy of the company selling it to you, if you don't like it, don't buy proprietary shrinkwrapped software.
That's the whole point of Open Source.
I bought an E70 instead.
With Obama as president? That would be kind of ironic.
Maybe we should link to Hot For Words on YouTube?:
http://www.youtube.com/watch?v=kzzKXZqLQt8
I know I don't really like video as an information medium, and the images are distracting, but it's very probably correct.
Are there any for-pay wireless drivers that work any better than we have now?
Get your own large IPv6-block now so you can be a pioneer as well. :-)
But seriously, the class A's really don't add a lot, because by the time they are made available, the demand will be very high too and they'll be gone in no time.
What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?
About the same, at least, because you want to keep the same kind of state for IPv6-firewall as for IPv4-NAT. Yes, it may be easier to code for IPv6, but there are going to be fewer vendors selling you an IPv6-enabled device. So you have fewer vendors to choose from, this could be more expensive.
Well it's "up for grabs" at 750000 British pounds.
And if it's part of a bigger block the 0 and 255 are possibly usable, depending on where in the large block they are.