Hi Christian,

Thanks for your comments. Please see my response inline.

Christian Huitema wrote:
>> I think there's a real risk of this document being misunderstood by typical site IT managers, and being used simply as an excuse to block all kinds of tunnel-based v4/v6 coexistence. But tunnels are a legitimate coexistence strategy. I'd much rather see this document talking more about how to make the use of tunnels safe as part of v4/v6 coexistence. There is some of that material in the document, but the impression the draft leaves is now of a succession of warnings to block tunnels.
>
> Actually, it is a succession of warnings to block standardized tunnels, those that are well documented and have a clear signature.
> By doing so, we are pushing application developers to just "roll
> their own technologies", and indeed to use evasive techniques such as
> encrypted packets, random port numbers or tunneling of HTTP. I am not
> sure that network managers are going to like the result...

While I agree with you about the possibility of an "arms race" I really do not see anything we can do about this. What would you recommend instead? I am really open to suggestions.

Thanks
Suresh