[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposed 6to4 work (security)

To: Tim Chown <tjc@ecs.soton.ac.uk>
Subject: Re: Proposed 6to4 work (security)
From: Alain Durand <Alain.Durand@Sun.COM>
Date: Wed, 16 Oct 2002 13:19:58 -0700
Cc: IPv6 Operations <v6ops@ops.ietf.org>
Delivery-date: Wed, 16 Oct 2002 13:21:40 -0700
Envelope-to: v6ops-data@psg.com
User-agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.0.1) Gecko/20020719Netscape/7.0


Tim Chown wrote:

On Wed, Oct 16, 2002 at 08:43:51AM +0300, Pekka Savola wrote:

I believe you *can* quite effectively limit the access. First by not advertising 2002::/16 or 192.88.99.1 to your peers (or doing it by some controlled measure, like no-export community), and if it's really important, placing some ACL's.
didn't the same lessons get learnt with smtp relays and abuse, leading to
isp's only allowing their own customers to use their smtp service?  is
there a reason to hope 6to4 could be different

This is different.SMTP relay is part of the expected service from an ISP.
6to4 relay is not. One cannot build a deployment model of 6to4
that assumes that the v4 ISP have deployed a 6to4 relay.

   - Alain.

Prev by Date: Re: New draft on embedding the RP address in IPv6 multicast address
Next by Date: Re: Proposed 6to4 work (security)
Previous by thread: Re: Proposed 6to4 work (security)
Next by thread: Re: Proposed 6to4 work (security)
Index(es):
- Date
- Thread