[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: source address rewriting and shim6 proxies

To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: source address rewriting and shim6 proxies
From: Erik Nordmark <erik.nordmark@sun.com>
Date: Fri, 30 Sep 2005 18:18:46 -0700
Cc: shim6-wg <shim6@psg.com>
In-reply-to: <e49f0cf0a702889f59e25190e302071e@it.uc3m.es>
References: <Pine.GSO.4.20.0509221614300.28499-100000@meno.corp.us.uu.net> <Pine.LNX.4.63.0509230228280.3483@sheen.jakma.org> <433986D8.1080603@zurich.ibm.com> <Pine.LNX.4.63.0509281225470.3722@sheen.jakma.org> <433AEA4A.6020304@sun.com> <d25d6ab8e1b515a31a8f07664886ee3a@it.uc3m.es> <433C3261.6040307@sun.com> <e49f0cf0a702889f59e25190e302071e@it.uc3m.es>
User-agent: Mozilla Thunderbird 1.0.6 (X11/20050720)

marcelo bagnulo braun wrote:

but this would mean that you would be accepting packets with any sourceaddress? wouldn't be some serious security issues there?

Depends how hard it would be to guess the context tag. Only nodes on thepath between A and B would know the context tag that B told A to use.And those nodes can use A's source addresses even if there is ingressfiltering, since they are on the path.

Oh - doing router rewriting of the source address presumably impliesthat every data packet (even before a locator switch) have to carry acontext tag, since the router can change the source locator on any packet.


  Erik

References:
- Re: addition of TLV to locator ID or locator ID set
  - From: "Jason Schiller (schiller@uu.net)" <jason.schiller@mci.com>
- Re: addition of TLV to locator ID or locator ID set
  - From: Paul Jakma <paul@clubi.ie>
- Re: addition of TLV to locator ID or locator ID set
  - From: Brian E Carpenter <brc@zurich.ibm.com>
- Re: addition of TLV to locator ID or locator ID set
  - From: Paul Jakma <paul@clubi.ie>
- source address rewriting and shim6 proxies
  - From: Erik Nordmark <erik.nordmark@sun.com>
- Re: source address rewriting and shim6 proxies
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: source address rewriting and shim6 proxies
  - From: Erik Nordmark <erik.nordmark@sun.com>
- Re: source address rewriting and shim6 proxies
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

Prev by Date: Re: addition of TLV to locator ID or locator ID set
Next by Date: Re: addition of TLV to locator ID or locator ID set
Previous by thread: Re: source address rewriting and shim6 proxies
Next by thread: Re: addition of TLV to locator ID or locator ID set
Index(es):
- Date
- Thread