The cork is already off the bottle so here I go too :-)
On Fri, 16 Nov 2001 [EMAIL PROTECTED] wrote:
> As the always-on network is becoming popular, lots of nodes, not
> only ordinary PCs but also various information appliances such as
> sensors, home appliances, AV equipments, are to be connected to the
> Internet.
Note: there isn't much discussion on certain MIPv6-mandated subjects, like
Home Address Option processing. One will have to clarify this; however
MIPv6 is under much discussion right now so the situation could change.
--8<--
3.3 Neighbor Discovery for IP Version 6 (IPv6) (RFC2461) [22]
Because of IPv6 minimum host definition, the following functions for
routers can be omitted.
- Sending router advertise messages
- Receiving router solicitation messages
- Sending redirect messages
--8<--
I don't think it's a good idea to suggest router solicitations can be
omitted. MinRtrAdvInterval could be rather large, and it might take very
long to get the next periodical advertisement. RS is not such a complex
matter.
--8<--
4.1 Consideration of security for LCNAs
[...]
Currently, there are several issues that prevents from realizing
security even if IPsec minimum specification is implemented. The
first issue is the network environment. In order to deploy minimum
hosts on current network environment, we cannot neglect existing
IPv4 networks. So, we have to assume NAT or IPv4/IPv6 translators
between the minimum host and the correspondent host. Current IPsec
cannot handle such a situation, which means the effectiveness of
security mechanism relying upon IPsec is very limited.
--8<--
The draft didn't want to discuss transition issues (2.2), now you bring
them up anyway. I think it's very safe to assume that IPv6 space the
application sees is fully global without NAT's or anything.
Further, I'm not sure whether there is actually much need to be able to use
IPSEC (or any connections) past the translator. A picture:
Internet --- ISP router --- Home Router --- LCNA box
The translation happens either in Internet, ISP router or Home Router.
The primary target of the services are home users, that is, those that
would never need translation or are pretty safe anyway.
If someone would like to use LCNA from the Internet, I'd suggest mandating
IPv6; we cannot be held hostage by legacy IPv4/NAT (plus how these affect
IPSEC) issues.
Therefore I think it might be safe to assume there are no unsurmountable
problems w.r.t. IPSEC use.
--8<--
6. Security Consideration
RFC3401
--8<--
RFC3041 :-)
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
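
The Router Solicitation that the reply above describes as "not such a complex matter", built here as an added example (not part of the original message or of the draft under review). The field layout follows RFC 2461; the link-local source address and MAC address are constructed sample values, and the function names are this example's own.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58      # IPv6 next-header value for ICMPv6
ND_ROUTER_SOLICIT = 133      # ICMPv6 type of a Router Solicitation (RFC 2461)
OPT_SOURCE_LLADDR = 1        # source link-layer address option type (RFC 2461)
ALL_ROUTERS = "ff02::2"      # link-local all-routers multicast address


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src: str, dst: str, length: int) -> bytes:
    """IPv6 pseudo-header that the ICMPv6 checksum covers (40 bytes)."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", length, ICMPV6_NEXT_HEADER))


def build_rs(src: str, mac: bytes, dst: str = ALL_ROUTERS) -> bytes:
    """Router Solicitation: type, code, checksum, 4 reserved bytes, optional option."""
    # The source link-layer address option is left out when the source is unspecified.
    option = b"" if src == "::" else struct.pack("!BB6s", OPT_SOURCE_LLADDR, 1, mac)
    body = struct.pack("!BBHI", ND_ROUTER_SOLICIT, 0, 0, 0) + option
    csum = internet_checksum(pseudo_header(src, dst, len(body)) + body)
    return body[:2] + struct.pack("!H", csum) + body[4:]


def checksum_ok(src: str, dst: str, message: bytes) -> bool:
    """Receiver-side check: pseudo-header plus message must sum to zero."""
    return internet_checksum(pseudo_header(src, dst, len(message)) + message) == 0


if __name__ == "__main__":
    # Constructed sample values: link-local source and a locally administered MAC.
    rs = build_rs("fe80::1", bytes.fromhex("020000000001"))
    print(len(rs), rs.hex(), checksum_ok("fe80::1", ALL_ROUTERS, rs))
```

The whole message is 8 octets, or 16 with the link-layer option. A receiver also requires the enclosing IPv6 header to carry hop limit 255, which this sketch does not build.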