
RE: Opportunistic Tunneling



> > As the Unmanaged Analysis document is currently at WG Last Call, the
> > biggest issue appears to be the so-called "opportunistic tunneling",
> > i.e., automatic tunneling which would be possible without set-up or
> > ISP support.  Examples of these are 6to4 and Teredo. (No other
> > specific proposals have been made.)  We need to figure out how to move
> > forward.  The critical questions are at least:
> >
> >  1) Do we agree that this is something we need in the first place?
> >      * Considering user-driven deployment, maybe not.
> >         - example: the user says "I want to use application X" or "I
> >           want to use functionality Y", where X or Y would require
> >           IPv6.
> >      * Considering large-scale vendor-centric deployment, probably
> >        yes.

The reality is that 6to4 and Teredo solutions are being deployed, so I
wonder whether we really need a long discussion about whether or not
they are needed. It would perhaps be more important to discuss how the
deployment can be tuned...

> >  2) What are the models for deploying relays, considering the economic
> >     or deployment considerations (in-host, in-site, network)?
> >      * And what are the implications of any approach?
> >      * Can we decide on the recommended model?

The unmaneval draft includes a section that discussed these points.

> >  3) For NAT traversing, opportunistic tunneling, are there any
> >     features in Teredo which are missing or are unnecessary? I.e.,
> >     how good a fit would it be?  Are there alternatives?
>
> 	4) security implication of such technology.  for instance, 6to4 relay
> 	   router can easily be abused.  how about Teredo, and other technologies?

The Teredo draft includes a rather extensive security analysis.
Obviously, we may have missed some threats, but we certainly thought
hard about it.

-- Christian Huitema