On Fri, 2004-06-18 at 07:53, Pekka Savola wrote: > FYI -- > > Comments etc. of course welcome. <SNIP> > This document gives guidance on securing IPv6-in-IPv4 tunnels using > IPsec. No additional protocol extensions are described beyond those > available with the revised IPsec framework. IKEv2 is extensively > used as an authentication and key exchange protocol to cover address > configuration procedures, and the usage of the Extensible > Authentication Procotol and NAT traversal capabilities is also > described. IMHO it is a bit 'late' to start securing proto-41. It has been in use already for too long and by too many people. IPSEC on hosts and routers is near-to-none in existence, notez bien that IPSEC in IPv6 is a mandatory item of IPv6 stacks and that many stacks simply don't have it ;). Setting up an IPSEC connection costs a lot of effort and negotiation. Not even talking about the note about traveling the NAT's ;) Thus this memo does have a good value for people who want to secure it afterall, but I don't think that it will actually happen a lot due to the above three items. I didn't find any content issues in my quick glance. Greets, Jeroen
Attachment:
signature.asc
Description: This is a digitally signed message part