Re: 6to4 security questions
> There are in my opinion 4 ways forward:
>
> 1- Revisit 6to4 architecture to have bi-directional communication
> between the 6to4 router and the 6to4 relay. That way the decapsulating
> 6to4 router could apply some checks and make sure packets are coming
> from a legitimate 6to4 relay.

But doesn't such a revisit result in the prefix needing to be
associated with the tunnel endpoint in order for routing to scale
i.e. this becomes just a variant of the tunnel broker?
(Not that this would necessarily be bad, I think the tunnel broker
is a much overlooked piece of work.)

But if #1 and #4 are essentially the same choice we only have 3 real
choices.

Erik