[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Approaches to use IPsec to secure v6-over-v4 tunnels
> > We know how to do this we are doing it now on networks. We don't
> > need the IETF's help. Yes we have discussed this in
> depth. This is
> > not the issue. Issue is PKI. IETF should help with PKI. This is
> > also in many tutorials for admins being trained on IPv6 now.
>
> Could you clarify what you mean with "We" here? :) Even if you are
> bright enough to figure it on your own, that doesn't mean everyone
> else is -- there seems to be ample evidence to the contrary :). So,
> at least an Internet-Draft would be useful, to identify the issues
> concerned. Whether an Informational RFC would be useful or not would
> remain to be seen.
=> I'm trying to understand whether the non-trivial part
is implementation-related or interoperation-related. In the
implementation space there are certainly issues like whether
the IPsec HW has been upgraded to handle this without doing
IPv6 in IPv4 in IPv4 (i.e. IPv4 tunnel mode for a tunnelled
IPv6 packet). But when it comes to interoperability I'm not
sure if there is an issue. I thought that this would work
out of the box.
Hesham
>
> I also brought this up in the security area, and they certainly
> thought this is interesting -- and non-trivial.
>
> --
> Pekka Savola "You each name yourselves king, yet the
> Netcore Oy kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>
>