RE: Approaches to use IPsec to secure v6-over-v4 tunnels

["Soliman Hesham" <H.Soliman@flarion.com>]

 > > We know how to do this we are doing it now on networks.  We don't
 > > need the IETF's help.  Yes we have discussed this in 
 > depth.  This is
 > > not the issue.  Issue is PKI.  IETF should help with PKI.  This is
 > > also in many tutorials for admins being trained on IPv6 now.
 > 
 > Could you clarify what you mean with "We" here? :)  Even if you are
 > bright enough to figure it on your own, that doesn't mean everyone
 > else is -- there seems to be ample evidence to the contrary :).  So,
 > at least an Internet-Draft would be useful, to identify the issues
 > concerned.  Whether an Informational RFC would be useful or not would
 > remain to be seen.

=> I'm trying to understand whether the non-trivial part
is implementation-related or interoperation-related. In the
implementation space there are certainly issues like whether
the IPsec HW has been upgraded to handle this without doing 
IPv6 in IPv4 in IPv4 (i.e. IPv4 tunnel mode for a tunnelled
IPv6 packet). But when it comes to interoperability I'm not
sure if there is an issue. I thought that this would work
out of the box. 

Hesham

 > 
 > I also brought this up in the security area, and they certainly 
 > thought this is interesting -- and non-trivial.
 > 
 > -- 
 > Pekka Savola                 "You each name yourselves king, yet the
 > Netcore Oy                    kingdom bleeds."
 > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
 > 
 >