
Re: SECDIR review: draft-ietf-v6ops-tunnel-concerns



Hi Brian,
  Thanks for your comments. Please see responses inline.

Brian E Carpenter wrote:
> ...
> Why tunnelling over UDP or TCP? Why not tunnelling in IP as in 6to4?
> I don't imagine that UDP makes it any more difficult to inspect than
> an IP protocol.
>
> I think this statement should be changed to "Tunnelling through a
> security device (i.e. firewall) is not recommended for.. " etc.
Sounds good. We will make this change.

> Now you have me worried enough to say something I've been feeling
> ever since I really read this draft carefully.
>
> To exaggerate, <sarcasm> why not just rename it "tunneling considered
> harmful" and chop it down to one paragraph? </sarcasm>

The draft is about security concerns with tunnels. It discusses concerns and associated recommendations if the concern is considered valid by an admin. It was not our goal to say "tunneling considered harmful" but rather to say "If you want to do foo, tunneling might prevent you from doing foo. So disable tunnels" or "If you don't want your users to do foo, tunneling might allow them to do foo. So disable tunnels".


> I think there's a real risk of this document being misunderstood
> by typical site IT managers, and being used simply as an excuse
> to block all kinds of tunnel-based v4/v6 coexistence. But tunnels
> are a legitimate coexistence strategy. I'd much rather see
> this document talking more about how to make the use of tunnels
> safe as part of v4/v6 coexistence. There is some of that material
> in the document, but the impression the draft leaves is now of
> a succession of warnings to block tunnels.

Although the draft started out as security concerns related to Teredo tunnels, it has been generalized to all kinds of tunnels and not limited to v4/v6 transition tunnels. The draft lists problems and possible solutions to those problems. If you think there is a problem with the tone of the document, I am sure we can work on fixing it, but I sincerely believe that all the stated concerns are real and not FUD.

Thanks
Suresh