Open Issues in IPv6 Security

Although security was, after address-space enlargement, one of the foremost concerns when IPv6 was designed, it appears that some ad hoc solutions, such as NAT and CIDR, as well as the availability of security elements such as SSL (standardized by IETF as TLS), SSH, and secure email (S/MIME, PGP) in IPv4 networks, have delayed the deployment of IPv6. While this delay leaves the Internet open to attacks for a longer period of time and leads to additional complexity and management overhead, it has given protocol designers more time to improve their plans.

While the base standards for IPSEC are considered stable and will be extended mostly in the area of allowing additional encryption or authentication algorithms, more work remains to be done in the IKE area and in improving protection mechanisms against traffic analysis and denial-of-service/flooding attacks. The full deployment of IPSEC will also largely depend on the availability of a technically, organizationally, and politically acceptable and workable PKI capable of handling a large number of user or software process certificates.

A final issue for IPSEC is the management of its complexity. Many IPSEC mechanisms and their consequences are no longer easy to understand and are thus error-prone in implementation and operation, even though “intuitive” user interfaces for end-system configuration (e.g., for applying ESP or AH security to connections specified by port numbers, IP addresses, etc.) ...
