Brian E Carpenter wrote: > What was always pointed out is that IPv6 use of IPsec doesn't have to > deal with NAT traversal, which was an issue for IPv4 use of IPsec, It should be noted that IPsec, including AH, works transparently over port restricted IP, including end to end NAT, if a 4B SPI is used as a 2B source and a 2B destination port numbers. > until RFC 3948 came along in 2005. Since then, even the weak form of > the "more secure" myth has been indefensible. IP over TCP is a more robust kludge for legacy NAT. Masataka Ohta _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf