Le mardi 10 juillet 2007, Templin, Fred L a écrit : > I have been away from e-mail for the past week, but my > initial reaction is that perhaps some of the concerns are > already address in scenario/analysis documents published > by this wg, e.g, RFCs 3750, 3904, 4057, and 4852. (Also, > RFC4864 - Local Network Protection for IPv6.) I was under > the impression that these documents already clarify use > cases and address security concerns? RFC4057 does not explicitly states that automatic tunneling should not be used. I'd say it's probably obvious to us v6ops crowd. It might not be obvious to every IT requirements or security manager. Worst yet, RFC4852 reads: Having IPv6 applications on a Dual-IP host on a v4-only network requires some form of tunneling. Where configured tunnels are not sufficient, a more automatic solution may be appropriate. Available solutions include the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) [ISTP] or Teredo [TRDO] to tunnel to a v6 end service. ISATAP [ISTP] can be used to provide end-node IPv6 connectivity from nodes on an isolated IPv4 network, through the use of automatic tunneling of IPv6 in IPv4. Teredo [TRDO] can be used when the enterprise network is behind a NAT. and further: The first stage begins with an IPv4-only network and IPv4 customers. This is the most common case today and the natural starting point for the introduction of IPv6. During this stage, the enterprise begins to connect individual IPv6 applications run on dual-stacked hosts through host-based tunneling using Tunnel Broker, ISATAP, or Teredo. Some early adopter networks are created for pilot studies and networked together through configured tunnels and 6to4. -- Rémi Denis-Courmont http://www.remlab.net/
Attachment:
signature.asc
Description: This is a digitally signed message part.