IPv6 made code to support IPSEC a requirement in the stack. Actual use of IPSEC has never been a requirement because it still lacks a key distribution mechanism for its original intended purpose of being a pervasive security mechanism.

In practice, IPv6 will have NAT just like IPv4 had NAT even when the IETF tried to prohibit it as an abomination. There will be no transition from IPv4 to IPv6 without seamless address conversion v4->v6 and v6->v4.

So anyone who writes an application for IPv6 who relies on the address being constant end to end is probably going to find it is of no use in practice.

On Sat, Aug 28, 2010 at 4:13 PM, Florian Weimer <fw@xxxxxxxxxxxxx> wrote:
> * Brian E. Carpenter:
>
>> the basic model for IPv6 is not fundamentally different than IPv4;
>> why would the underlying security vulnerabilities be fundamentally
>> different?
>
> Lack of NAT and an expectation of end-to-end reachability seem quite
> fundamentally different from IPv4 as it is deployed today. (I'm not
> saying that NAT is a security feature, I'm just pointing to a rather
> significant difference.)
>
> IPv6 also makes IPsec mandatory, which seems a significant change over
> IPv4, too.
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf
>

--
Website: http://hallambaker.com/