Chapter 6. Security with IPv6

The developers of IPv4 did not rack their brains about security. The “Internet” in those early days connected a few trusted networks of some visionary researchers. The individuals who controlled these networks, as well as those who were allowed to use the networked resources, were implicitly trusted not to cause any malicious or destructive behavior. This is the reason why the original IP architecture does not include a security framework that can be used by all applications. If security was needed, it was usually rudimentary authentication/authorization and was included in the application code (e.g., the password for Telnet and FTP). Many years later, IPsec was introduced when IPv4 had already been widely deployed. Therefore, it needed to be retrofitted into existing deployments. Due to interoperability and performance issues and to the fact that it was developed later, IPsec is not as widely deployed as it could be in many IPv4 scenarios. This is in contrast to IPv6, which from the beginning had the notion that fundamental security functionality had to be included in the base protocol in order to be used on any Internet platform. In the early days of IPv6, a standards-conforming IPv6 implementation had to include IPsec to allow more secure communication once it was appropriately configured. This strict rule has been loosened recently, but more about this later. Before we dive into the technical details, I want to talk about some general security ...

Get IPv6 Essentials, 3rd Edition now with the O’Reilly learning platform.