[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 security questions

To: Brian E Carpenter <brian@hursley.ibm.com>
Subject: Re: 6to4 security questions
From: Pekka Savola <pekkas@netcore.fi>
Date: Fri, 22 Nov 2002 03:22:27 +0200 (EET)
Cc: v6ops@ops.ietf.org
Delivery-date: Thu, 21 Nov 2002 17:22:46 -0800
Envelope-to: v6ops-data@psg.com
In-reply-to: <3DDD85C8.6FE89102@hursley.ibm.com>
Sender: owner-v6ops@ops.ietf.org

On Fri, 22 Nov 2002, Brian E Carpenter wrote:
> Pekka Savola wrote:
> > 
> > On Fri, 22 Nov 2002, Brian E Carpenter wrote:
> > > There are spoofing/DDOS risks in the host-based anycast 6to4 model
> > > that has been implemented but never fully specified.
> > 
> > Do not classify this as "host-based".  There is nothing particularly
> > host-based in this.
> 
> Yes there is, because hosts don't generally support BGP4+

Wrong analogy.  Very small amount of routers use BGP4+, and even fewer 
(none?) use it in the 6to4 context.

> > And you said you're not aware of anything in the spec that'd need
> > modification. Right..
> 
> My original preference was to *only* specify the BGP4+ model
> for 6to4. I was talked out of it. 

That would have been an *entirely* different 6to4. 

One that would have gone the way to the 6over4, most probably.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

References:
- Re: 6to4 security questions
  - From: Brian E Carpenter <brian@hursley.ibm.com>

Prev by Date: Re: 6to4 security questions
Next by Date: Re: 6to4 deployement issues - was 6to4 security questions
Previous by thread: Re: 6to4 security questions
Next by thread: Re: 6to4 security questions
Index(es):
- Date
- Thread