[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 security questions

To: Alain Durand <Alain.Durand@sun.com>
Subject: Re: 6to4 security questions
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Wed, 20 Nov 2002 23:28:00 +0100
Cc: Erik Nordmark <Erik.Nordmark@sun.com>, Jason Goldschmidt <jgoldsch@eng.sun.com>, Pekka Savola <pekkas@netcore.fi>, v6ops@ops.ietf.org
Delivery-date: Wed, 20 Nov 2002 14:28:18 -0800
Envelope-to: v6ops-data@psg.com
In-reply-to: Your message of Wed, 20 Nov 2002 11:05:43 PST. <3DDBDD07.7030903@sun.com>
Sender: owner-v6ops@ops.ietf.org

 In your previous mail you wrote:

   There are in my opinion 4 ways forward:
   
   1- Revisit 6to4 architecture to have bi-directional communication
       between the 6to4 router and the 6to4 relay. That way the decapsulating
       6to4 router could apply some checks and make sure packets are comming
       from a legitimate 6to4 relay.
   
=> this is the solution for the home address option similar issue
(the option is checked against the binding cache, i.e., is validated
only when two-way communication is used).

Regards

Francis.Dupont@enst-bretagne.fr

Follow-Ups:
- Re: 6to4 security questions
  - From: Brian E Carpenter <brian@hursley.ibm.com>
- Re: 6to4 security questions
  - From: Pekka Savola <pekkas@netcore.fi>

References:
- Re: 6to4 security questions
  - From: Alain Durand <Alain.Durand@Sun.COM>

Prev by Date: Re: 6to4 security questions
Next by Date: Re: 6to4 security questions
Previous by thread: Re: 6to4 security questions
Next by thread: Re: 6to4 security questions
Index(es):
- Date
- Thread