[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 deployement issues - was 6to4 security questions



Alain,
   
--- Alain Durand <Alain.Durand@Sun.COM> wrote:
> How does this help a 6to4 router to check if the packet is coming from
> a legitimate 6to4 relay?
> 
>     - Alain.

Tim Gleeson and I were just talking about the 6to4 open relay issue.
If router A sends traffic out thru relay B but gets return traffic
back thru relay C we have the open relay situation. Since everything
is just IPv6 over IPv4 as a link layer, can we possibly leverage
neighbor discovery to set up some sort of security association
along the forward and reverse paths?

I've been working on a scheme that can provide path mtu discovery based
on a "three way handshake" using neighbor discovery, and I've wondered
if/how a security association could be added to the negotiation.

Any thoughts on this?

Fred Templin
osprey67@yahoo.com 


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus – Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com