Nathan Ward wrote:
On 17/02/2007, at 5:35 PM, Stuart MacIntosh wrote:
I agree, the security benefits are welcome. In my IPv6 network mr. router applies security in much the same way as a NAT-IPv4 router does.
Which ruins any end-to-end benefits that IPv6 was going to give over IPv4, right? (i.e. SIP, etc. won't work, unless the router knows about it)
IPsec support is a requirement of the IPv6 specification. If people start blocking protocols on firewalls, or throttling/rate-limiting them, then end users are just going to start enabling ESP. We already see this in a crude manner with people deliberately avoiding various TCP/IP ports that are "well known" to be related to bandwidth-intensive applications because of real or perceived bandwidth limitations.
Proxies etc. can be deployed, and be working for everyone (save a few corner cases, perhaps), right now. They don't require any global switchover/upgrade/etc. and on top of that, they can be used as extra revenue streams/products/etc.
That's all fine for perhaps HTTP, HTTPS, DNS and SIP. What about BitTorrent? How do you suggest you proxy that?