| < draft-ietf-ssm-arch-03.txt | draft-ietf-ssm-arch-04.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT Source-Specific Multicast H. Holbrook | INTERNET-DRAFT Source-Specific Multicast H. Holbrook | |||
| Expires Nov 7, 2003 Cisco Systems | Expires Apr 19, 2004 Cisco Systems | |||
| B. Cain | B. Cain | |||
| Storigen Systems | Storigen Systems | |||
| 7 May 2003 | 19 Oct 2003 | |||
| Source-Specific Multicast for IP | Source-Specific Multicast for IP | |||
| <draft-ietf-ssm-arch-03.txt> | <draft-ietf-ssm-arch-04.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with all | This document is an Internet-Draft and is in full conformance with all | |||
| provisions of Section 10 of RFC2026. | provisions of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering Task | Internet-Drafts are working documents of the Internet Engineering Task | |||
| Force (IETF), its areas, and its working groups. Note that other groups | Force (IETF), its areas, and its working groups. Note that other groups | |||
| may also distribute working documents as Internet-Drafts. | may also distribute working documents as Internet-Drafts. | |||
| skipping to change at page 12, line 40 ¶ | skipping to change at page 12, line 40 ¶ | |||
| Source Routing [RFC791] (both Loose and Strict) in combination with | Source Routing [RFC791] (both Loose and Strict) in combination with | |||
| source address spoofing may be used to allow an impostor of the true | source address spoofing may be used to allow an impostor of the true | |||
| channel source to inject packets onto an SSM channel. An SSM router | channel source to inject packets onto an SSM channel. An SSM router | |||
| SHOULD by default disallow source routing to an SSM destination address. | SHOULD by default disallow source routing to an SSM destination address. | |||
| A router MAY have a configuration option to allow source routing. Anti- | A router MAY have a configuration option to allow source routing. Anti- | |||
| source spoofing mechanisms such as source address filtering at the edges | source spoofing mechanisms such as source address filtering at the edges | |||
| of the network are also strongly encouraged. | of the network are also strongly encouraged. | |||
| 7.4. Administrative Scoping | 7.4. Administrative Scoping | |||
| Administrative scoping should not relied upon as a security measure | Administrative scoping should not be relied upon as a security measure | |||
| [ADMIN-SCOPE]; however, in some cases it is part of a security solution. | [ADMIN-SCOPE]; however, in some cases it is part of a security solution. | |||
| It should be noted that no administrative scoping exists for IPv4 | It should be noted that no administrative scoping exists for IPv4 | |||
| source-specific multicast. An alternative approach is to manually | source-specific multicast. An alternative approach is to manually | |||
| configure traffic filters on routers to create such scoping if | configure traffic filters to create such scoping if necessary. | |||
| necessary. | ||||
| Furthermore, for IPv6, neither source nor destination address scoping | Furthermore, for IPv6, neither source nor destination address scoping | |||
| should be used as a security measure. In some currently-deployed IPv6 | should be used as a security measure. In some currently-deployed IPv6 | |||
| routers (those that do not conform to [SCOPED-ARCH]), scope boundaries | routers (those that do not conform to [SCOPED-ARCH]), scope boundaries | |||
| are not always applied to all source address (for instance, an | are not always applied to all source address (for instance, an | |||
| implentation may filter link-local addresses but nothing else). Such a | implentation may filter link-local addresses but nothing else). Such a | |||
| router may incorrectly forward an SSM channel (S,G) through a scope | router may incorrectly forward an SSM channel (S,G) through a scope | |||
| boundary for S. | boundary for S. | |||
| 8. Transition Considerations | 8. Transition Considerations | |||
| skipping to change at page 17, line 19 ¶ | skipping to change at page 17, line 19 ¶ | |||
| The limited permissions granted above are perpetual and will not be | The limited permissions granted above are perpetual and will not be | |||
| revoked by the Internet Society or its successors or assigns. | revoked by the Internet Society or its successors or assigns. | |||
| This document and the information contained herein is provided on an "AS | This document and the information contained herein is provided on an "AS | |||
| IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK | IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK | |||
| FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT | FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT | |||
| LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT | LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT | |||
| INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR | INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR | |||
| FITNESS FOR A PARTICULAR PURPOSE. | FITNESS FOR A PARTICULAR PURPOSE. | |||
| This document expires Nov 7, 2003. | This document expires Apr 19, 2004. | |||
| End of changes. 6 change blocks. | ||||
| 6 lines changed or deleted | 5 lines changed or added | |||
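
Review bot: In the 7.4 Administrative Scoping change, dropping "on routers" from "manually configure traffic filters on routers to create such scoping" leaves the -04 sentence silent on where the filters are applied. Since the same paragraph states that no administrative scoping exists for IPv4 source-specific multicast, the text should say where the filters sit (for example, at the devices forming the intended scope boundary) so that a reader does not assume a filter anywhere in the path is enough. The unchanged IPv6 paragraph that follows still reads "all source address" and "implentation" in both versions; "all source addresses" and "implementation" could be corrected in the same revision that fixed "should not relied".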
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/