Security of 6to4 (was: Re-prioritizing 6to4 over v4 addresses)

Henrique de Moraes Holschuh wrote (Mon 2010-Sep-20 15:13:13 -0300):

> Are you aware of the security implications?  Unless you route the relevant
> gateway prefixes yourself, you will be using a 6to4 gateway which can be
> anywhere and belong to anyone, subject to the whims of BGP anycast.

Security as in availability or as in integrity? With regard to
availability: Well, yes, a tunnel might be more reliable, but
I've seen 6to4 working very well so far.

With regard to integrity: There's no reason for me to trust my
local ISP and backbone operators any more than anybody else.
After all, I'm in Germany, where ISPs and phone companies have
to keep logs of everybody's activities and the police want to be
able to order ISPs to fiddle around with DNS records...

Regards, Marcus

   Marcus C. Gottwald  ·  <mcg@cheers.de>  ·  https://cheers.de

