[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: direct tunneling vs site's control [RE: POLL: Consensus for moving forward with Teredo?]

To: "Bound, Jim" <jim.bound@hp.com>, "Pekka Savola" <pekkas@netcore.fi>
Subject: RE: direct tunneling vs site's control [RE: POLL: Consensus for moving forward with Teredo?]
From: "Christian Huitema" <huitema@windows.microsoft.com>
Date: Sat, 1 May 2004 22:09:43 -0700
Cc: "Liu Min" <liumin@ict.ac.cn>, <v6ops@ops.ietf.org>

> That is the end result (loss of manageability) but the root cause was
> permitting hard coded prefixes in the network.

I believe the root cause is using unmanaged hosts in a context where
secure behavior is expected. If you want to assert security properties
of the hosts, then you absolutely need to manage them and control what
kind of software they run. Otherwise, even without Teredo and 6to4, it
is pretty trivial to set up an IPv6 tunnel to some random place.

-- Christian Huitema

Prev by Date: RE: direct tunneling vs site's control [RE: POLL: Consensus for moving forward with Teredo?]
Next by Date: Re: POLL: Consensus for moving forward with Teredo?
Previous by thread: RE: direct tunneling vs site's control [RE: POLL: Consensus for moving forward with Teredo?]
Index(es):
- Date
- Thread