There is a debate going around our lab about whether or not it is
possible to secure a 6to4 network.
The argument in favor is as follows:
Secure the Ipv4 side with standard IPSec. Have a secure
connection (Still IPv4) with the 6to4 translating router.
Secure the Ipv6 side with Ipv6 Ipsec. Have a secure (Ipv6)
connection to the 6to4 translating router.
The theory is that the 6to4 router will un-encrypt
the Ipv4 data, and re-encrypt it when sending to the Ipv6 network.
Another theory is that the Ipv6 IPSec and the Ipv4 IPSec will be
able to establish a security association with each other, as long as the key
(Pre-shared secret) and the encryption settings are the same.
I have had a heck of a time finding any detailed information on this and
would greatly appreciate any feedback I can get.
Thanks!
"You know, sometimes it is the artist's task to find out how much music you
can still make with what you have left." --- Itzhak Perlman (Nov. 18,
1995,)
Matthew Dollinger
IPSec/NQL Lab
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
