[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposed 6to4 work (security)




Pekka Savola wrote:


The source IPv4 address could be '192.88.99.1'. If this was mandated, perhaps some checks would be easier. On the other hand, certain things (ones that were also criticized by IESG in Shipworm..) would appear.

How could you make regular IPv4 ingress filtering work?
If you create an exception fo 192.88.99.1, anybody could
impersonate a 6to4 relay, if you don't, packets will
never reach destination...

   - Alain.