Department of Defense
High Performance Computing Modernization Program

 

For a long time, the “IPv6 is more secure” myth persisted because the IPv6 protocol REQUIRED that IPsec be implemented. Or at least it did, until Request for Comments (RFC) 6434 was adopted in December 2011. (RFC 6434 has since been obsoleted, in January 2019, by RFC 8504.) Deploying and maintaining IPsec can be difficult for many reasons. “Security” should not be used as a strong reason to consider deploying IPv6. More information on IPsec is available in this article and this later article from Salient CRGT (formerly Command Information, Inc.).

In its conclusion, the first article states:

IPsec as implemented in the IPv6 and IPv4 stack of most operating systems COULD provide an enhanced security service for host-to-host (aka peer-to-peer and/or machine-to-machine) communications once we mature the management tools and support infrastructure required to move beyond manual configurations and implement it on a larger scale. IPv6 offers some improvements to IPv4 IPsec implementation, but the enhancements are hard to capitalize on in the short term. IPv6's main advantages may be its ability to provide an enhanced end-to-end connection model for host-to-host IPsec and its ability to scale to support Internet-based communications (and IPsec) beyond the next decade when IPv4 scaling reaches its limits.

Since the Salient CRGT articles on this topic were published, this article from Nephos6 has commented on the ramifications of RFC 6434.
