Re: Teredo vs Silkroad

["Eiffel Wu" <xgwu@ict.ac.cn>]

----- Original Message ----- 
From: "Christian Huitema" <huitema@windows.microsoft.com>
To: "Eiffel Wu" <xgwu@ict.ac.cn>; <alh-ietf@tndh.net>
Cc: <pekkas@netcore.fi>; <v6ops@ops.ietf.org>
Sent: Tuesday, May 25, 2004 2:27 PM
Subject: RE: Teredo vs Silkroad


> As a comparison, Teredo address consists of clinet ipv4 address and
udp 
> port, which must be different with last one. How can Teredo Client be
> found if there is no appropriate naming service ? Teredo does not 
> provide such a naming service.

Yes, this is a trade-off. The advantage of building the IPv6 address
from the IPv4 address is that you don't need strong security to prevent
spoofing: you just need to make sure that packets are routed to the
embedded IPv4 address. If you make the IPv6 address independent of the
underlying IPv4 address the address may become long-lived, but the
tunnel servers must implement a strong security procedure to make sure
that the address is not spoofed.

Just as the qualification procedure of Teredo Client, the authentication procedure 
between SC and SAR will be added in later versions. Do you think it is enough
to  prevent the SAR being spoofed? Any comments or advice on security consideration
about Silkroad are welcome.


Then, as you mention, if the address is not long-lived, you need some
form of name resolution to associate the short lived address with a
long-lived name. There are some obvious choices: dynamic DNS or SIP, for
example.

What choices does Teredo advise, dynamic DNS or SIP, or some others ?

Eiffel Wu