Re: shim6 (was Re: IPv6 news)

North American Network Operators Group

Re: shim6 (was Re: IPv6 news)

From: David Conrad
Date: Sat Oct 15 00:54:01 2005

Christopher,

On Oct 14, 2005, at 9:32 PM, Christopher L. Morrow wrote:

You know, if you describe it that way too many times, people who are
only paying half-attention are going to say "IPv6 has something almost
like NAT, only different".

you know... shim6 could make 'source address' pointless, you COULD just do
NAT instead :) or do shim6 which looks like NAT ... if you don't get the
host auth parts correct/done-well you might even be able to send traffic
off to the 'wrong' place :) it'll be neat!

I believe relying on the address as any sort of authentication is a mistake. Given IPv6 was, at least in theory, supposed to require IPSEC, I would have thought the use of the source address for anything other than connection demultiplexing would have been a waste of time.

Of course, that assumes that people actually implement "required" parts of protocol specifications. As has been seen countless times, what happens in practice doesn't seem to conform to what is required in theory. Do all IPv6 stacks implement IPSEC?

Rgds,
-drc

Follow-Ups:
- Re: shim6 (was Re: IPv6 news) Christopher L. Morrow

References:
- Re: IPv6 news Peter Lothberg
- Re: IPv6 news Jeroen Massar
- Re: IPv6 news Christopher L. Morrow
- Re: IPv6 news Jeroen Massar
- Re: IPv6 news Christopher L. Morrow
- Re: IPv6 news Joe Abley
- shim6 (was Re: IPv6 news) David Conrad
- Re: shim6 (was Re: IPv6 news) Joe Abley
- Re: shim6 (was Re: IPv6 news) Daniel Roesen
- Re: shim6 (was Re: IPv6 news) Valdis.Kletnieks
- Re: shim6 (was Re: IPv6 news) Christopher L. Morrow