Re: 6to4 security questions

[Tim Chown <tjc@ecs.soton.ac.uk>]

On Thu, Nov 21, 2002 at 12:00:07AM +0200, Pekka Savola wrote:
> 
> To me, it is clear that 6to4 is probably never the best solution except in
> most SOHO/Home network solutions, or in testing (easy to get started, as 
> there is no need to negotiate a tunnel).
> 
> But that is what it was designed for, I think.

If you look at home user connectivity now, the most common method used is
a tunnel broker, witness 10K+(?) users of freenet6.  A TB can serve /48's
as well as just connecting hosts.  I doubt there's 10K users of 6to4?

I think people can probably handle having a "TB connect" icon on their
desktops if needed.  I know of many young gamers who were very adept at
keeping DirectX versions up to date to play Windows games not so long ago,
which is no more tricky.

The TB main weakness is tunnel topology - it doesn't optimise like 6to4.
I really don't want to use freenet6 from the UK, for example.  I also 
worry about scalability, but the TB web server can farm out tunnels
to a farm of TB servers (is this what freenet6 does?).   But a nice 
advantage is that you can use TSP and authentication.  

I take the point about 6to4 deployment in Sun.  It's certainly easier than
a mesh of tunnels in that respect (depending on the topology you want),
but you still need the same ISP support (ip tunnels allowed).

Tim