[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 6to4 security questions
Pekka Savola wrote:
>
> On Wed, 20 Nov 2002, Alain Durand wrote:
> > 1- Revisit 6to4 architecture to have bi-directional communication
> > between the 6to4 router and the 6to4 relay. That way the decapsulating
> > 6to4 router could apply some checks and make sure packets are comming
> > from a legitimate 6to4 relay.
>
> I believe the "Limited Distribution of More Specific Routes" approach in
> the draft could perhaps be able to solve these problems.
>
> This would only be very minor modifications for the 6to4 routers/nodes, so
> this might yet be doable.
>
> There are some caveats though..
Nevertheless I do prefer this approach, or to be more precise,
I'd like to be able to answer the question "should I trust
this relay router?"
Brian