Florian Weimer wrote:
>> the basic model for IPv6 is not fundamentally different than IPv4;
>> why would the underlying security vulnerabilities be fundamentally
>> different?
>
> Lack of NAT
I am told that NAT for v6 is (ironically) among the most "asked for"
IPv6 features...
Nevertheless, it wouldn't be a surprise to me that stateful v6 firewalls
take NAT's place, such that "only return traffic is allowed".
("resistance to change", if you want)
> and an expectation of end-to-end reachability seem quite
> fundamentally different from IPv4 as it is deployed to day.
As ironic as it may sound, some people are actually *concerned* about
this. (no, not *me*)
> IPv6 also make IPsec mandatory, which seems a significant change over
> IPv4, too.
As noted by Fred, this is mostly "words on paper".
Thanks!
Kind regards,
--
Fernando Gont
e-mail: fernando@xxxxxxxxxxx || fgont@xxxxxxx
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf