Re: 6to4 deployement issues - was 6to4 security questions

[Alain Durand <Alain.Durand@Sun.COM>]

Laurent Dumont wrote:

> I'm not sure that the relay model will collapse if many 6to4 users are using
> it, because the reality is that a 6to4 node will most likely be talking to
> another 6to4 peer and will really not go through any relay for most of its
> traffic. Why? because there is nothing of interest for them on the 6bone, so
> that won't change much to the current situation...
Either you leave the relay model or you remove it.
If you leave it as it is, you open serious security issues
If you remove relays from the architecture, you create
a partition of the Internet. Sure, today there is no content
reachable though native IPv6, but one day, there will.
That day, you do not want to prevent those gazilliions
6to4 users from reaching it.

The only wat forward is either to deprecate 6to4 alltogether
(and use another conncetivity for the masses approach until
IPv6 ISPs are generally available)
or to fix the security problem.

My take is go back to the white board and try to fix it.

   - Alain.