RE: 3gpp-analysis document and automatic tunneling
> > => Those words between brackets above are not relevant
> > to this tunnelling mechanism, this is more relevant
> > to a 6-to-4 relay model, which is not what is being
> > discussed. Routing protocols can be secured.
>
> It's not as bad as 6to4 but any mechanism implementing any kind of
> automatic tunneling requires very careful review. The spec is very weak
> on security considerations. For example, there is no description how the
> route advertisements in practice build and tear down the tunnel.
>
> My fear is that implementations doing this would implement something
> similar to "automatic tunneling interface with compatible addresses",
> which is inherently insecure.
=> That can be clarified of course. But I don't see
a fundamental security issue with this approach.
You advertise reachability as you do today.
>
> Well, there has been general discussion of NAT-PT (or translation) too --
> but that's something that's applicable in all scenarios. This is really
> only an option in the ISP networks, so I think examining it in the ISP
> context only, in those documents, seems the most useful approach.
=> It's applicable to anyone running a large IP network.
There is a complete overlap in some cases between the
different scenarios being considered.
Hesham