shim6 (was Re: IPv6 news)

• Previous message (by thread): shim6 (was Re: IPv6 news)
• Next message (by thread): shim6 (was Re: IPv6 news)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Christopher,

On Oct 14, 2005, at 9:32 PM, Christopher L. Morrow wrote:
>> You know, if you describe it that way too many times, people who are
>> only paying half-attention are going to say "IPv6 has something  
>> almost
>> like NAT, only different".
> you know... shim6 could make 'source address' pointless, you COULD  
> just do
> NAT instead :) or do shim6 which looks like NAT ... if you don't  
> get the
> host auth parts correct/done-well you might even be able to send  
> traffic
> off to the 'wrong' place :) it'll be neat!

I believe relying on the address as any sort of authentication is a  
mistake.  Given IPv6 was, at least in theory, supposed to require  
IPSEC, I would have thought the use of the source address for  
anything other than connection demultiplexing would have been a waste  
of time.

Of course, that assumes that people actually implement "required"  
parts of protocol specifications.  As has been seen countless times,  
what happens in practice doesn't seem to conform to what is required  
in theory.  Do all IPv6 stacks implement IPSEC?

Rgds,
-drc

• Previous message (by thread): shim6 (was Re: IPv6 news)
• Next message (by thread): shim6 (was Re: IPv6 news)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]