• Hirom@beehaw.org
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    1 year ago

    Governments should require IPv6 support for any online service or connected device they buy. If that’s not a requirement for (sub)contractors, then they won’t put effort into it.

    This kind of requirements might also exclude a lot of crappy devices/services that have an outdated tech stack.

    • The Doctor@beehaw.org
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      A common requirement in government contracts is “there must be no IPv6 support, and if there is it must be verifiably disabled to decrease the size of the vulnerability surface.”

      Many years ago, that misconfigured firewall that let IPv6 traffic through without even bothering to log it, resulting in a years-long compromise scared a lot of govvies, but unfortunately it taught them the wrong lesson.

      Source: I’m a former Beltway Bandit.

        • The Doctor@beehaw.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          The wrong lesson learned was, “don’t use IPv6.” Which has, to a large extent, hurt the uptake of IPv6 everywhere, because “if the government doesn’t use it, we’re not going to use it.” Rather than do something sensible, like enable the IPv6 functionality of the firewalls and configure them properly.

        • Capricorn_Geriatric@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Imagine this:

          You shot yourself in the foot (literally) due to sheer incompetence. How do you fix it?

          Do you: (a) take shooting classes or (b) have your foot amputated so you can’t shoot it again

          I think the right choice is clear.