The Man in the Machine
Federico Biancuzzi, 2007-12-04

Story continued from Page 2

What problems do you see in the excessive use of hop-by-hop option headers?

Hop-by-hop options are likely to be inspected by the slow path (CPU forwarding) in the routers. Commercial routers use cheap CPU and expensive silicon to make it economical. So any increase in CPU load could result in a denial-of-service attack, by chewing up CPU power and affecting other computations such as routing information exchanges.

Various RFC drafts try to improve or fix IPv6 security. Should we create something from scratch instead? Some countries, such as Japan for example, are working on "replacements" for the Internet...

The project mentioned on the above link is, honestly speaking, just another set of people from ivory towers, and/or telcos, who are trying to get government funding. The government (would do) better to fund OpenBSD instead :-)

There is no point in re-doing the whole thing when we are reaching the end of IPv4 allocation worldwide, which is predicted to be year 2010 or so. We have to convince Microsoft people to ship Windows Vista with IPv6 enabled by default, so there's no point in turning back. We just need more education, training, and documents to propagate IPv6 knowledge. Also, we need more amazing applications which use IPv6.

Do we really need IPv6 then?

Of course. I am performing ssh-over-IPv6 login to my mail server as I am writing this. My home wireless network is IPv6-only, since I do not have enough IP addresses to spare, unlike North America.

Both the U.S. Department of Defense and the White House's Office of Management and Budget have mandated that the military services and federal agencies move their backbone systems to IPv6 by June 30, 2008. What approach would you suggest to support IPv6?

If you are a vendor, you have to implement IPv6 as soon as possible. There are numerous consultants who can help your company to integrate IPv6 into your product. If your product is based on free software such as BSD and Linux, it is just a matter of configuration. If not, it may be a bit difficult to implement IPv6 from scratch -- again, go through Qing Li's "IPv6 core protocol implementation" book and see if you want to implement it for sure, and see if you can implement it in a timely manner so that you can compete with other vendors.

Government/military people have been saying that they require IPv6 for the procurement decisions. In Japan it has been enforced for more than 5 years, if my memory serves. There are government documents which guide government departments/offices to become IPv6-ready (IPv4/v6 dual stack). It is amazing those people are prepared for the coming days.

However, I think we need to bring IPv6 to people's attention by having more materials for education and training. For instance, the number of Cisco CCNA IPv6 textbooks should become equal to that for IPv4.

Operation of IPv6 will be dual-stack (IPv4 and IPv6) for a long time, since the deployed IPv4 codebase is too huge. We can never have a flag day. It is just like having IP phones and PSTN (ground line) phones -- they use different technologies, but the sole goal is for people to make voice conversations. The difference between IPv4 and IPv6 matters for some engineers, but not for random people who have no idea what "192.168.1.1" means.

An important point here is that engineers will be able to make more innovative services with IPv6. More innovation is made possible by IPv6, since we can have more time to spend on the key technology rather than circumventing troubles with NAT and private addresses. To achieve this, at the same time, security technologies such as OpenBSD's "secure-by-default" approach become highly important, since, with firewalls, we cannot really deploy new stuff. And, if you look at the firewall situation without a pair of glasses, (1) you have host firewalls and network/organization firewalls, which are duplicates; (2) you have to update the virus signature database because your OS is vulnerable from the start. OpenBSD has neither of these problems.

Story continued on Page 4 



Federico Biancuzzi is a freelancer; in addition to SecurityFocus he also writes for ONLamp, LinuxDevCenter, and NewsForge.