Re: Security of 6to4 (was: Re-prioritizing 6to4 over v4 addresses)
>>>>> "Marcus" == Marcus C Gottwald <mcg@cheers.de> writes:
Marcus> Henrique de Moraes Holschuh wrote (Mon 2010-Sep-20 15:13:13
Marcus> -0300):
>> Are you aware of the security implications? Unless you route the
>> relevant gateway prefixes yourself, you will be using a 6to4
>> gateway which can be anywhere and belong to anyone, subject to
>> the whims of BGP anycast.
Marcus> Security as in availability or as in integrity? With regard
Marcus> to availability: Well, yes, a tunnel might be more reliable,
Marcus> but I've seen 6to4 working very well so far.
And, if you want end-to-end integrity, we have IPsec, and you can even
usefully use AH thanks to the lack of NAT.
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
Reply to: