Re: Routing with 6to4 *and* a tunnel

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Wouter" == Wouter Verhelst <wouter@grep.be> writes:
    Wouter> Of course, by properly setting up mobile IPv6 extensions,
    Wouter> you could sidestep this issue and get the best of both
    Wouter> worlds; but since mobile IPv6 requires a kernel patch and
    Wouter> (IIUC) a working IPsec setup, this is too much of a PITA to
    Wouter> set up currently, I think.

  The mobile IPv6 folks did specify IPsec protection to binding updates,
true. However, they didn't solve the problem of the trust model, and
were not willing to use available technology. (see
draft-richardson-ipsec-opportunistic).

  If you have IPsec with your home agent (which you also need), then you
don't really need mobile IPv6, except to talk to your correspondants. If
they were willing to trust your IPsec secured binding updates, then you
could also just build an IPsec tunnel with them and be done with it.

  True, getting a static v4 can be hard --- IPsec can easily help there,
but that is introducing yet another tunnel.  My suggestion is always to
seek another ISP that will give you a static IP.

- -- 
] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
]                    I'm a dad: http://www.sandelman.ca/lrmr/                 [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQsGiIoqHRg3pndX9AQF3XAQAxtsRVPOHsvvkJmBaLrYxW8L/nGShD+Vd
WUmV+Ng0t/2upCoOMHmh0ebzb66cu19Rg3KjFfAdwQQpJBxxF5pLfulqep9Hsg1K
JaSarc+SKz3xg3o3x75h48FC16H7Coi0++SQm02RXlFjzSEFqxsSmfltX45yywQP
0tgZDp+MJSg=
=7I+8
-----END PGP SIGNATURE-----