[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: SECDIR review: draft-ietf-v6ops-tunnel-concerns
> I think there's a real risk of this document being misunderstood
> by typical site IT managers, and being used simply as an excuse
> to block all kinds of tunnel-based v4/v6 coexistence. But tunnels
> are a legitimate coexistence strategy. I'd much rather see
> this document talking more about how to make the use of tunnels
> safe as part of v4/v6 coexistence. There is some of that material
> in the document, but the impression the draft leaves is now of
> a succession of warnings to block tunnels.
Actually, it is a succession of warning to block standardized tunnels, those that are well documented and have a clear signature. By doing so, we are pushing application developers to just "roll their own technologies", and indeed to use evasive techniques such as encrypted packets, random port numbers or tunneling of HTTP. I am not sure that network managers are going to like the result...
-- Christian Huitema