
Re: Is this true?

2010-08-30 10:25:56
IPv6 made code to support IPSEC a requirement in the stack. Actual use
of IPSEC has never been a requirement because it still lacks a key
distribution mechanism for its original intended purpose of being a
pervasive security mechanism.

In practice, IPv6 will have NAT just like IPv4 had NAT even when the
IETF tried to prohibit it as an abomination. There will be no
transition from IPv4 to IPv6 without seamless address conversion
v4->v6 and v6->v4. So anyone who writes an application for IPv6 who
relies on the address being constant end to end is probably going to
find it is of no use in practice.


On Sat, Aug 28, 2010 at 4:13 PM, Florian Weimer <fw(_at_)deneb(_dot_)enyo(_dot_)de> wrote:
> * Brian E. Carpenter:
>
>> the basic model for IPv6 is not fundamentally different than IPv4;
>> why would the underlying security vulnerabilities be fundamentally
>> different?
>
> Lack of NAT and an expectation of end-to-end reachability seem quite
> fundamentally different from IPv4 as it is deployed today.  (I'm not
> saying that NAT is a security feature, I'm just pointing to a rather
> significant difference.)
>
> IPv6 also makes IPsec mandatory, which seems a significant change over
> IPv4, too.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf




-- 
Website: http://hallambaker.com/