[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

6to4 security questions

To: v6ops@ops.ietf.org
Subject: 6to4 security questions
From: Pekka Savola <pekkas@netcore.fi>
Date: Wed, 20 Nov 2002 19:32:23 +0200 (EET)
Delivery-date: Wed, 20 Nov 2002 09:32:49 -0800
Envelope-to: v6ops-data@psg.com
Sender: owner-v6ops@ops.ietf.org

Hello,

The most important part (how to go forward) got cut-off at the meeting, so 
I'm hoping to be able to hear some thoughts on the 6to4 security issues.

* The most important thing:
 ==> document the existing problems and declare done or try to invent
bigger fixes for the problems?

* Draft has two parts
 - relay spoofing troubles
 - 6to4 usage analysis, guidelines for sec considerations 
implementation etc.
 ==> keep these separate or not? (the second are IMO ready)

* Is the relay problem (spoofing from 2001::/16) something we need to 
worry about?
 - after all, you probably can spoof the source addresses without 6to4 
too..
 ==> if yes, how much effort should we put into it?

* Should we analyze the DoS attacks (abusing relays) whether anything can 
be done against those in more detail?
 - already in the draft, maybe more

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

Follow-Ups:
- Re: 6to4 security questions
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
- Re: 6to4 security questions
  - From: Brian E Carpenter <brian@hursley.ibm.com>
- Re: 6to4 security questions
  - From: Jason Goldschmidt <jgoldsch@eng.sun.com>

Prev by Date: firewalling points
Next by Date: Re: 6to4 security questions
Previous by thread: firewalling points
Next by thread: Re: 6to4 security questions
Index(es):
- Date
- Thread