[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposed 6to4 work (security)

To: Pekka Savola <pekkas@netcore.fi>
Subject: Re: Proposed 6to4 work (security)
From: Alain Durand <Alain.Durand@Sun.COM>
Date: Wed, 16 Oct 2002 14:18:18 -0700
Cc: Brian E Carpenter <brian@hursley.ibm.com>, itojun@iijlab.net, IPv6 Operations <v6ops@ops.ietf.org>, Margaret Wasserman <mrw@windriver.com>
Delivery-date: Wed, 16 Oct 2002 14:21:36 -0700
Envelope-to: v6ops-data@psg.com
User-agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.0.1) Gecko/20020719Netscape/7.0


Pekka Savola wrote:

The source IPv4 address could be '192.88.99.1'. If this was mandated, perhaps some checks would be easier. On the other hand, certain things (ones that were also criticized by IESG in Shipworm..) would appear.

How could you make regular IPv4 ingress filtering work?
If you create an exception fo 192.88.99.1, anybody could
impersonate a 6to4 relay, if you don't, packets will
never reach destination...

   - Alain.

Prev by Date: Re: Proposed 6to4 work (security)
Next by Date: Re: Proposed 6to4 work (security)
Previous by thread: Re: Proposed 6to4 work (security)
Next by thread: Re: Proposed 6to4 work (security)
Index(es):
- Date
- Thread