Florian Weimer wrote:
the basic model for IPv6 is not fundamentally different than IPv4;
why would the underlying security vulnerabilities be fundamentally
different?
Lack of NAT
I am told that NAT for v6 is (ironically) among the most "asked for"
IPv6 features...
Nevertheless, it wouldn't be a surprise to me that stateful v6 firewalls
take NAT's place, such that "only return traffic is allowed".
("resistance to change", if you want)
and an expectation of end-to-end reachability seem quite
fundamentally different from IPv4 as it is deployed to day.
As ironic as it may sound, some people are actually *concerned* about
this. (no, not *me*)
IPv6 also make IPsec mandatory, which seems a significant change over
IPv4, too.
As noted by Fred, this is mostly "words on paper".
Thanks!
Kind regards,
--
Fernando Gont
e-mail: fernando(_at_)gont(_dot_)com(_dot_)ar || fgont(_at_)acm(_dot_)org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf