[ipv6hackers] Implications of IPv6 on network firewalls

Marc Heuse mh at mh-sec.de
Tue Mar 27 08:07:05 CEST 2012

>>> I guess your assessment is good for the environment, since I consider it
>>> unlikely for, say, printers to ship with all the machinerary necessary
>>> to make the printing job work over IPsec (over IPv6).
>> http://h30046.www3.hp.com/large/solutions/JetDirect635n_WW_DS_Rev_1.pdf ;-)
>> Secure printing is an important issue in a major enterprise... not to
>> be underrated...
> Do you know many cases where they currently rely on that?

I know several companies who wanted to have a secure printing
environment, but due cost and support etc they implemented - dunno the
official name for it - "print where you are" with a contactless
smartcard plus user certificates.

what I am sure about is that quite some companies will have it in their
buying requirements, just because they think they might enable it in the

but I doubt that the ipsec way will ever be deployed expect in very
small organisations or those with very high security requirements like
although the overhead is manageble on Windows devices, it is a bit more
for Cisco and such printers, and too much of a burder for everything
else where it is not automated out of the box to distribute the
certificates. (NAS, old printers, Unix servers, office automation, etc.)

the cost to move to ipsec is high, and it limits the flexibility of the
network, e.g. moving devices, changing ip addresses.


Marc Heuse

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list