Re: 6to4 security questions

[Pekka Savola <pekkas@netcore.fi>]

On Thu, 21 Nov 2002, Brian E Carpenter wrote:
> Actually, what is wrong with the model in bullet 2.2 of section 5.2
> of RFC 3056, i.e. require a BGP4+ peer relationship between a 6to4
> router and the 6to4 relay routers it deals with? (OK, I can see some
> reachability issues but 6to4 is not supposed to be the universal answer.)

That, in itself, helps little.  Relay routers must also be connected using 
BGP4+ and advertising more specific routes.
 
> As I said a moment ago, 6to4 wasn't designed for end hosts. I've
> always felt the BGP4+ scenario was the best one. 

Well, the reasons 6to4 is used are usualy either/and:
 1) ease of taking into use
 2) takes dynamic v4 address into account

For SOHO/home use, both conditions are usually fulfilled.  Also, for 
bigger enterprise networks, which are usually able to run BGP etc., are 
only concerned about _at most_ 1).

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords