At 11:29 PM +0800 10/14/09, Zhen Cao wrote:
O...
> IPv6 hosts, like IPv4 hosts, run Linux, BSD, Windows or some other OS. With
> most of them, the latest versions support IPv6 for IKE and IPsec.
I guess we do not need tunnel mode for IPv6 IPsec?
What makes you say that? Tunnel mode is still needed for SG-SG SAs,
or host-SG SAs.
3) IPv4 IPsec needs NAT traversal, but IPv6 doesn't need it, so it could
support more end-to-end rather than site-to-site.
>
That is assuming that IPv6 does not have NAT. I don't think we have enough
implementation experience to say that for sure.
Can it at least be considered one advantage of IPv6 IPSEC?
Not really.
Another point is: "One possible advantage for IPv6 IPsec is that
IPv6's extension header chaining feature, which is not present in
IPv4, could be used to authenticate a secure host-to-host scenario
exchange to a third party gateways which would provide authorized
access into and out of secure enclaves". -quote from
http://www.commandinformation.com/blog/?p=98. Is this valid?
I think that is an unlikely scenario, if only due to key management issues.
Steve
_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec