
Re: IPsec support for NAT-PT in IPv6



 In your previous mail you wrote:

   in 2.1 ==> My proposed mechanism assumed IKE using preshared key Phase.

=> a preshared key with an unpredictable address doesn't work in main mode;
there is nothing to do to fix that because this is an intrinsic feature
(identity protection).

   If we can't use IKE using certificates, we should use IKE another way.
   
   in IPsec using UDP encapsulation ==> NAT-PT can't apply to it.

=> why? UDP encapsulation is there to help header translation and is
not limited to NAT.

   If we use IPsec using UDP encapsulation in NAT-PT, the NAT-PT server
   may send an IPv4-in-IPv6 packet.

=> I can't see the problem: the user wants to protect and encapsulate
its IPv6 packet...

   However, IPv4 nodes don't understand IPv6 packets.
   
=> so tunnel mode is not usable but transport is.

   Therefore, NAT traversal method can be applied to NAT-PT mechanism.
   
Regards
   
Francis.Dupont@enst-bretagne.fr
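
The point about preshared keys in main mode, as an added example that is not part of the original message: in IKEv1 (RFC 2409) the key that encrypts the identity payload is derived from the preshared key, so the responder must pick the key from the packet's source address alone. The peer table, addresses, secrets and exchange values are constructed, and HMAC-SHA1 as the negotiated prf is an assumption.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated hash is SHA-1, so the prf is HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_e(psk: bytes, ni: bytes, nr: bytes, gxy: bytes,
             cky_i: bytes, cky_r: bytes) -> bytes:
    """RFC 2409 section 5 derivation for preshared-key authentication."""
    skeyid = prf(psk, ni + nr)                  # SKEYID depends on the PSK
    tail = gxy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    return prf(skeyid, skeyid_a + tail + b"\x02")  # protects messages 5 and 6


# Constructed responder configuration: preshared keys indexed by peer address.
PEERS = {
    "198.51.100.10": b"constructed-psk-A",
    "198.51.100.20": b"constructed-psk-B",
}

# Constructed values standing in for the nonces, DH secret and cookies
# exchanged in main mode messages 1 to 4.
EXCHANGE = (b"Ni" * 8, b"Nr" * 8, b"g^xy" * 24, b"CKY-I..!", b"CKY-R..!")


def main_mode_outcome(initiator_psk: bytes, observed_source: str) -> str:
    """What the responder can do when message 5 arrives.

    The initiator's identity is inside the encrypted message 5, so the only
    selector available for the preshared key is the observed source address.
    """
    initiator_key = skeyid_e(initiator_psk, *EXCHANGE)
    psk = PEERS.get(observed_source)
    if psk is None:
        return "no-psk"      # translated address is unknown to the responder
    responder_key = skeyid_e(psk, *EXCHANGE)
    if hmac.compare_digest(responder_key, initiator_key):
        return "match"       # message 5 decrypts, identity can be checked
    return "wrong-psk"       # address maps to another peer's key


if __name__ == "__main__":
    for source in ("198.51.100.10", "192.0.2.77", "198.51.100.20"):
        print(source, main_mode_outcome(b"constructed-psk-A", source))
```
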