
Re: Security of 6to4 (was: Re-prioritizing 6to4 over v4 addresses)



>>>>> "Marcus" == Marcus C Gottwald <mcg@cheers.de> writes:
    Marcus> Henrique de Moraes Holschuh wrote (Mon 2010-Sep-20 15:13:13
    Marcus> -0300):

    >> Are you aware of the security implications?  Unless you route the
    >> relevant gateway prefixes yourself, you will be using a 6to4
    >> gateway which can be anywhere and belong to anyone, subject to
    >> the whims of BGP anycast.

    Marcus> Security as in availability or as in integrity? With regard
    Marcus> to availability: Well, yes, a tunnel might be more reliable,
    Marcus> but I've seen 6to4 working very well so far.

And, if you want end-to-end integrity, we have IPsec, and you can even
usefully use AH thanks to the lack of NAT.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition. 
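
Why the lack of NAT matters for AH, as an added example that is not part of the original message: AH's integrity check value covers the IP source and destination addresses, so a rewritten address fails verification while a decremented hop limit does not. This is a simplified model of RFC 4302 (HMAC-SHA-256 truncated to 128 bits, a constructed key, constructed documentation addresses, and the AH header reduced to SPI and sequence number); all function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key-not-secret!"  # constructed SA key for the demo
AH_LEN = 32  # 12-byte AH fixed part + 16-byte ICV, padded to 8-byte multiple


def ipv6_header(src, dst, payload_len, hop_limit=64, flow_label=0):
    """Pack a 40-byte IPv6 fixed header with next header 51 (AH)."""
    first_word = (6 << 28) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", first_word, payload_len, 51, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def zero_mutable(header):
    """Zero the fields AH treats as mutable in transit (RFC 4302):
    traffic class, flow label and hop limit. Addresses are kept."""
    return struct.pack("!I", 6 << 28) + header[4:7] + b"\x00" + header[8:]


def ah_icv(header, spi, seq, payload, key=KEY):
    """ICV over the header (mutable fields zeroed), SPI, sequence, payload."""
    data = zero_mutable(header) + struct.pack("!II", spi, seq) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:16]


def verify(header, spi, seq, payload, icv, key=KEY):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(ah_icv(header, spi, seq, payload, key), icv)


def demo():
    payload = b"constructed upper-layer data"
    plen = len(payload) + AH_LEN
    # 2002:c000:201::/48 is the 6to4 prefix for the constructed 192.0.2.1.
    sent = ipv6_header("2002:c000:201::1", "2001:db8::10", plen)
    icv = ah_icv(sent, spi=0x1000, seq=1, payload=payload)
    # A router on the path decrements the hop limit: still verifies.
    routed = ipv6_header("2002:c000:201::1", "2001:db8::10", plen, hop_limit=57)
    # An address translator rewrites the source: verification fails.
    natted = ipv6_header("2002:c633:6401::1", "2001:db8::10", plen)
    return (verify(routed, 0x1000, 1, payload, icv),
            verify(natted, 0x1000, 1, payload, icv))


if __name__ == "__main__":
    print("hop limit changed: %s, source rewritten: %s" % demo())
```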

