Interworking of IPv6 Security with Other Services
The provision of IPSEC in IPv6 is a giant step forward with respect to providing security on the Internet. There are a variety of different uses of IPSEC within the basic Internet Protocol Suite, such as general confidentiality of transmission, authentication of peer entities (e.g., for routing updates, server lookups for DNS, DHCP-based autoconfiguration, etc.) and prevention (or at least reduction) of denial-of-service and man-in-the-middle attacks.
However, the provision of IPSEC service also influences the security elements used in application-layer protocols. Simple services such as telnet, FTP, DNS, and SNMP-based network management may now rely solely on IPSEC for obtaining sufficient security (the operating system environment is considered outside the scope of IPSEC, although some recommendations exist concerning the handling of keying material within the software). More complex applications, such as electronic mail, however, require more complex security elements, such as nonrepudiation of receipt, proof of origin, or specific encryption of information on the application or even user level; these elements are not directly obtainable from IPSEC, which operates solely on the network layer. Although these application-level security elements may profit from the provision of IPSEC services (i.e., they may rely on completely secure, authentic, and reliable end-to-end transport of content), they still need to provide their own ...