ipv6

Matt lbo at beyondzero.net
Sat May 11 05:52:45 PDT 2002


On Fri, May 10, 2002 at 09:29:44AM -0500, budge wrote:

[...]


> In IPv4, to use IPsec, you must setup a VPN (virtual private
> network). Doing this means having a box at site A grab all
> the IP traffic heading for site B, encrypt and encapsulate
> it, and send it on to B where a box decrypts it and delivers
> it to the destination host(s). These gateway boxes at each
> end allow the internal networks at A and B run plain old
> unencrypted v4 AND exchange traffic inter-site as though
> they had a private secure line because the traffic is only
> encrypted for transport across the (insecure) Internet.
>
> All this can be done with v6 w/o having to have the
> gateway/tunnel boxen because encryption/authentication is
> part of the protocol, not layer on top of an insecure
> protocol. It will be very cool if it is ever deployed!

Just to clarify: what Budge describes above is one of two ways of using IPSec - tunnel mode. The other, called transport mode, is used to secure an end-node and a gateway. It is possible to use IPSec in such a way that your personal machine, say a laptop you have with you, can form a secure session with another computer without relying on intermediary hardware.

[...]


> Oh, and whoever thinks that IP addresses are 'randomly'
> distributed now is very confused.

Indeed. While the IPV4 address space is vast, the allocation system in early years was not efficient, and a lot are being wasted. IPV6 offers a much larger address space.

Matt

-- PGP RSA Key ID: 0x1F6A4471 aim: beyondzero123 PGP DH/DSS Key ID: 0xAFF35DF2 icq: 120941588

yahoo msg: beyondzero123 Without disclosure there is no truth, without truth no accountability.

-Richard Thieme



More information about the lbo-talk mailing list