nanog mailing list archives
Re: IPv6 FAQ
From: Valdis.Kletnieks () vt edu
Date: Sun, 10 Aug 2008 01:33:01 -0400
On Fri, 08 Aug 2008 18:53:23 EDT, Deepak Jain said:
o Security. With IPv4, IPsec is optional and you need to ask the peer if it supports IPsec. With IPv6, IPsec support is mandatory. By mandating IPsec, we can assume that you can secure your IP communication whenever you talk to IPv6 devices.
The *actual* distinction here is that an implementation can be a fully compliant IPv4 stack without any code to do IPSEC. The IPv6 stack is required to have the code. Nowhere does it say that it has to be enabled or configured, with the end result that probably 99.87% of the machines running IPv6 don't actually have the ability to negotiate an IPSEC connection. I suspect that in actual usage, it's a wash, because the sites that actually bother to configure IPSEC for IPv6 do it because they're *already* doing IPSEC for IPv4. Does anybody know of an actual production site that actually does IPSEC for IPv6 but not for IPv4?
Attachment:
_bin
Description:
Current thread:
- IPv6 FAQ Deepak Jain (Aug 08)
- Re: IPv6 FAQ David Conrad (Aug 08)
- RE: IPv6 FAQ michael.dillon (Aug 09)
- Re: IPv6 FAQ Valdis . Kletnieks (Aug 09)
- Re: IPv6 FAQ Randy Bush (Aug 09)