Re: Opportunistic Tunneling
On Thu, 12 Feb 2004, Jun-ichiro itojun Hagino wrote:
[...]
>
> 4) security implication of such technology. for instance, a 6to4 relay
> router can easily be abused. how about Teredo, and other technologies?
Certainly, this is an important factor. However, the problem with
"security" is that we must somehow be able to quantify and evaluate
it. How much is enough?
A couple of possibilities w.r.t. deployment have been proposed
earlier, which mitigate this; at least:
a) don't deploy relays at all, period. Users of a transition
mechanism can only talk to the users of the same transition
mechanism. Creates separate IPv6 Internets, but is not
necessarily only a bad thing.
b) deploy relays, if possible "internal to the node". I.e.,
recommend that all dual-stack nodes include some kind of
minimalistic relay functionality. Similar to above, implying that
all nodes would act similarly as having all the transition
mechanisms. (This works with Teredo, but not with 6to4.)
c) deploy relays inside the dual-stack sites, not in the general
Internet. This might lower the abuse problems a little bit. (The
relay is held responsible for abuse.)
[ and the current thinking, at least with 6to4 : ]
d) deploy relays anywhere in the Internet.
Only, options b) through d) seem to be against economic realities (see
the unmanaged analysis document) and shift the burden of transition
mechanisms to those who implement proper dual-stack, and a) would be
creating separate Internets.
It's worth remembering my point about "user-centric" vs.
"vendor-centric" deployment models. With vendor-centric, a mechanism
like 6to4 or Teredo is pretty much a must. With user-centric,
that's not necessarily the case.
We have only bad choices, I fear.
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings