Interworking of IPv6 Security with Other Services

The provision of IPSEC in IPv6 is a giant step forward with respect to providing security on the Internet. There are a variety of different uses of IPSEC within the basic Internet Protocol Suite, such as general confidentiality of transmission, authentication of peer entities (e.g., for routing updates, server lookups for DNS, DHCP-based autoconfiguration, etc.) and prevention (or at least reduction) of denial-of-service and man-in-the-middle attacks.

However, the provision of IPSEC service also influences the security elements used in application-layer protocols. Simple services such as telnet, FTP, DNS, and SNMP-based network management may now rely solely on IPSEC for obtaining sufficient security (the operating system environment is considered outside the scope of IPSEC, although some recommendations exist concerning the handling of keying material within the software). Other, more complex applications, such as electronic mail, require additional security elements, such as nonrepudiation of receipt, proof of origin, or specific encryption of information on the application or even user level; these elements are not directly obtainable from IPSEC, which operates solely on the network layer. Although these application-level security elements may profit from the provision of IPSEC services (i.e., they may rely on completely secure, authentic, and reliable end-to-end transport of content), they still need to provide their own ...
