RE: Opportunistic Tunneling
> > As the Unmanaged Analysis document is currently at WG Last Call, the
> > biggest issue appears to be the so-called "opportunistic tunneling",
> > i.e., automatic tunneling which would be possible without set-up or
> > ISP support. Examples of these are 6to4 and Teredo. (No other
> > specific proposals have been made.) We need to figure out how to move
> > forward. The critical questions are at least:
> >
> > 1) Do we agree that this is something we need in the first place?
> > * Considering user-driven deployment, maybe not.
> > - example: the user says "I want to use application X" or "I
> > want to use functionality Y", where X or Y would require
> > IPv6.
> > * Considering large-scale vendor-centric deployment, probably
> > yes.
The reality is that 6to4 and Teredo solutions are being deployed, so I
wonder whether we really need a long discussion about whether or not
they are needed. It would perhaps be more important to discuss how the
deployment can be tuned...
> > 2) What are the models for deploying relays, considering the economic
> > or deployment considerations (in-host, in-site, network)?
> > * And what are the implications of any approach?
> > * Can we decide on the recommended model?
The unmaneval draft includes a section that discussed these points.
> > 3) For NAT traversing, opportunistic tunneling, are there any
> > features in Teredo which are missing or are unnecessary? I.e.,
> > how good a fit would it be? Are there alternatives?
>
> 4) security implication of such technology. for instance, 6to4 relay
> router can easily be abused. how about Teredo, and other
> technologies?
The Teredo draft includes a rather extensive security analysis.
Obviously, we may have missed some threats, but we certainly thought
hard about it.
-- Christian Huitema