[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on multi6dt documents

To: Pekka Savola <pekkas@netcore.fi>
Subject: Re: Comments on multi6dt documents
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Wed, 10 Nov 2004 09:49:53 +0100
Cc: multi6@ops.ietf.org
In-reply-to: <Pine.LNX.4.61.0411100400200.1264@netcore.fi>
References: <Pine.LNX.4.61.0411090232360.29032@netcore.fi> <C13EB2A3-329E-11D9-A560-000A95CD987A@muada.com> <Pine.LNX.4.61.0411100400200.1264@netcore.fi>

On 10-nov-04, at 3:14, Pekka Savola wrote:

Also, under most circumstances either the packets you may want to piggyback on are already filling up the MTU, or there aren't any. So the complexity needed for piggybacking is probably not receive a decent return on investment.

Unless you piggyback on the TCP connection establishment messages which are known to be small enough to accommodate this. That's the only realistic case for piggybacking benefits AFAICS.

This is especially the place where filtering would be most harmful, because you don't know whether lack of a response means you should retry without the multihoming header, or you should try a different address.

But I do agree there are advantages as well. If you want to set up security stuff that is susceptible to sniffing attacks, the first packet is the place you want to do it because an attacker with just sniffing capability can't inject a false packet for a legitimate new session, because the properties of new sessions aren't known until the first packet is transmitted.

References:
- Comments on multi6dt documents
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: Comments on multi6dt documents
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Comments on multi6dt documents
  - From: Pekka Savola <pekkas@netcore.fi>

Prev by Date: Re: Comments on multi6dt documents
Next by Date: Re:
Previous by thread: Re: Comments on multi6dt documents
Next by thread: Re: Comments on multi6dt documents
Index(es):
- Date
- Thread