On Fri, 08 Aug 2008 18:53:23 EDT, Deepak Jain said:
> o Security. With IPv4, IPsec is optional and you need to ask the peer if it supports IPsec. With IPv6, IPsec support is mandatory. By mandating IPsec, we can assume that you can secure your IP communication whenever you talk to IPv6 devices.

The *actual* distinction here is that an implementation can be a fully compliant IPv4 stack without any code to do IPSEC. The IPv6 stack is required to have the code. Nowhere does it say that it has to be enabled or configured, with the end result that probably 99.87% of the machines running IPv6 don't actually have the ability to negotiate an IPSEC connection. I suspect that in actual usage, it's a wash, because the sites that actually bother to configure IPSEC for IPv6 do it because they're *already* doing IPSEC for IPv4. Does anybody know of an actual production site that actually does IPSEC for IPv6 but not for IPv4?