Security and Privacy with IPv6

摘要

All end-to-end security models today inherently imply security above the transport layer. PGP S/MIME and SSL secure higher layer objects and hand them down to the lower layers. In addition, link-layer security mechanisms ensure privacy on the physical communications link, hop-by-hop. IPSec in IPv6 implies security at the network layer. It complements the security mechanisms at the other layers and does not eliminate the need for them. Users are becoming increasingly mobile and are demanding increasing flexibility, making perimeter security (firewalls, etc) less effective for organizations. In a world where applications are increasingly developed as Web services and port tunneling techniques are well advanced, firewalls, once seen as critical to system security are increasingly perceived as having limitations [Singer, 2003] Business applications will benefit by taking advantage of the IPv6 security infrastructure. There is an implicit need here for confidentiality as well as authentication. While security mechanisms today provide for confidentiality of objects, data in transit (transport payload) as well as link layer encryption, there is nonspecific security mechanism at the network layer. The most important benefits for such a specific community are twofold. All sources of data can be authenticated and data confidentiality can be provided with the use of IPSec. Given that such a community most likely already has a specific PKI developed for its own use, deployment of IPSec with this PKI becomes simply a matter of integration of the two.