Re: I-D ACTION:draft-jabley-ipv6-rh0-is-evil-00.txt
At Thu, 10 May 2007 10:11:16 +0200,
"Ebalard, Arnaud" <Arnaud.Ebalard at eads.net> wrote:
> Some comments on that:
> - This prevents blindly source-routed packets from being processed by the
> final destination (null value for Segments Left field), i.e. this
> prevents an attacker from targeting an instance of a service after having
> escaped the natural path (DMZ concern, Anycast service).
>
> - This part is an obvious update to Section 4.4 of RFC 2460: IMHO, final
> destination should only accept source-routed traffic when the
> associated RH type is configured, activated and guaranteed to have no
> impact. The sentence is in sync with MIPv6.

Are you suggesting the following part should apply regardless of the
type of routing header?

    In particular, the value of the Segments Left field
    MUST not be considered.

If so, I don't think the current rh0 draft could be interpreted that
way (aside from whether we'd agree it in the first place).

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei at isl.rdc.toshiba.co.jp
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
--------------------------------------------------------------------