Re: Is this true?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



IPv6 made code to support IPSEC a requirement in the stack. Actual use
of IPSEC has never been a requirement because it still lacks a key
distribution mechanism for its original intended purpose of being a
pervasive security mechanism.

In practice, IPv6 will have NAT just like IPv4 had NAT even when the
IETF tried to prohibit it as an abomination. There will be no
transition from IPv4 to IPv6 without seamless address conversion
v4->v6 and v6->v4. So anyone who writes an application for IPv6 who
relies on the address being constant end to end is probably going to
find it is of no use in practice.


On Sat, Aug 28, 2010 at 4:13 PM, Florian Weimer <fw@xxxxxxxxxxxxx> wrote:
> * Brian E. Carpenter:
>
>> the basic model for IPv6 is not fundamentally different than IPv4;
>> why would the underlying security vulnerabilities be fundamentally
>> different?
>
> Lack of NAT and an expectation of end-to-end reachability seem quite
> fundamentally different from IPv4 as it is deployed to day.  (I'm not
> saying that NAT is a security feature, I'm just pointing to a rather
> significant difference.)
>
> IPv6 also make IPsec mandatory, which seems a significant change over
> IPv4, too.
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf
>



-- 
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]