[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 security questions

To: Pekka Savola <pekkas@netcore.fi>
Subject: Re: 6to4 security questions
From: Brian E Carpenter <brian@hursley.ibm.com>
Date: Wed, 20 Nov 2002 21:01:21 +0100
Cc: Alain Durand <Alain.Durand@Sun.COM>, Erik Nordmark <Erik.Nordmark@Sun.COM>, Jason Goldschmidt <jgoldsch@eng.sun.com>, v6ops@ops.ietf.org
Delivery-date: Wed, 20 Nov 2002 12:03:08 -0800
Envelope-to: v6ops-data@psg.com
Organization: IBM
References: <Pine.LNX.4.44.0211202109000.12975-100000@netcore.fi>
Sender: owner-v6ops@ops.ietf.org

Pekka Savola wrote:
> 
> On Wed, 20 Nov 2002, Alain Durand wrote:
> > 1- Revisit 6to4 architecture to have bi-directional communication
> >     between the 6to4 router and the 6to4 relay. That way the decapsulating
> >     6to4 router could apply some checks and make sure packets are comming
> >     from a legitimate 6to4 relay.
> 
> I believe the "Limited Distribution of More Specific Routes" approach in
> the draft could perhaps be able to solve these problems.
> 
> This would only be very minor modifications for the 6to4 routers/nodes, so
> this might yet be doable.
> 
> There are some caveats though..

Nevertheless I do prefer this approach, or to be more precise,
I'd like to be able to answer the question "should I trust
this relay router?" 

    Brian

Follow-Ups:
- Re: 6to4 security questions
  - From: Pekka Savola <pekkas@netcore.fi>

References:
- Re: 6to4 security questions
  - From: Pekka Savola <pekkas@netcore.fi>

Prev by Date: Re: 6to4 security questions
Next by Date: Re: 6to4 security questions
Previous by thread: Re: 6to4 security questions
Next by thread: Re: 6to4 security questions
Index(es):
- Date
- Thread