[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SECDIR review: draft-ietf-v6ops-tunnel-concerns
...
>> Why tunnelling over UDP or TCP? Why not tunnelling in IP as in 6to4?
>> I don't imagine that UDP makes it any more difficult to inspect than
>> an IP protocol.
>>
>> I think this statement should be changed to "Tunnelling through a
>> security device (ie. firewall) is not recommended for.. " etc.
>
> Sounds good. We will make this change.
Now you have me worried enough to say something I've been feeling
ever since I really read this draft carefully.
To exaggerate, <sarcasm> why not just rename it "tunneling considered
harmful" and chop it down to one paragraph? </sarcasm>
I think there's a real risk of this document being misunderstood
by typical site IT managers, and being used simply as an excuse
to block all kinds of tunnel-based v4/v6 coexistence. But tunnels
are a legitimate coexistence strategy. I'd much rather see
this document talking more about how to make the use of tunnels
safe as part of v4/v6 coexistence. There is some of that material
in the document, but the impression the draft leaves is now of
a succession of warnings to block tunnels.
Brian