So, does anyone have any inside knowledge (or good references) to what Google ended up doing when they recently started switching their networks to use encrypted transports? Do they run over ip4 or ip6, and are they using traditional vpn or ipsec? I've previously been rather sceptical to the "new improved support for encryption and authentication" ipv6 brings -- I mean we're already late rolling out ipv6 -- is complicating it with key management really what we need? But given the late revelations that even the paranoid have been naively optimistic -- and given that it appears ipv6 is still in need of planning and new projects for a decent percentage roll-out -- perhaps advocating ipv6 with ipsec is a good idea after all?
I think advocating ipv6 is a good idea in general. IPSec was originally developed as part of the ipv6 stack. It's theoretically built in, and should be used whenever possible.
Thoughts?