Hi HuiI think there is very little difference between IPv4 and IPv6 as regards to IPsec. See below
On Oct 11, 2009, at 9:50 AM, Hui Deng wrote:
Dear IPsec forks, May I get advice about the differnce between them: 1) IPv4 doesn't mandate the support IPsec, IPv6 also doesn't mandate it based on RFC?
IPv4 does not mandate it, because IPv4 predates IPsec. RFC 4294 says in section 8.1:
Security Architecture for the Internet Protocol [RFC-4301] MUST be supported.
2) Most IPv4 hosts have(Linux, BSD, Windows) by default implemented IPsec(IKE), but don't launch it, need more configuration? Most IPv6 hosts haven't by default implemented IPsec(IKE), it need further download and configuration?
IPv6 hosts, like IPv4 hosts, run Linux, BSD, Windows or some other OS. With most of them, the latest versions support IPv6 for IKE and IPsec.
3) IPv4 IPsec need traversal NAT, but IPv6 don't need it, so it could support more about end to end other than site to site.
That is assuming that IPv6 does not have NAT. I don't think we have enough implementation experience to say that for sure.
4) IPv6 IPsec support is based on extension header which is different from IPv4, it may more closer to the kernal level implementation.
I don't see why this would necessarily be true.
thanks for the discussion. best regards, -Hui
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec