Re: An alternative to 6to4 and teredo
On Sun, 19 Jan 2003, Erik Nordmark wrote:
> > OTOH, I think tunnel broker is a good way to provide default route for a 6to4
> > site.
>
> That would make the site be multi-addressed with a 6to4 prefix
> plus a prefix that was assigned by the tunnel broker.
>
> That raises questions of what source address filtering might be appropriate
> at the tunnel server - should they accept any source address?
> That would seem counter to the arguments about 6to4 relays introducing
> new ways to spoof source addresses - the tunnel server would
> in essence do the same.
>
> Unless there was a way to register an alternate source address prefix
> with the tunnel broker as part of configuring the tunnel broker ...
There is no need for any changes provided that everybody implements the
new default address selection.
That way communication between 6to4<->6to4 never uses the upstream tunnel
broker, 6to4->native uses native source addresses and native->6to4 picks
native destination addresses.
Or so I've thought. This is very briefly noted in the new 6to4 security
draft.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
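
Added example, not part of the original message: a simplified Python sketch of the label-matching step of default address selection (policy table as published in RFC 3484), showing why a tunnel server that accepts only the broker-assigned prefix still works for a site that also has a 6to4 prefix. All addresses and prefixes are constructed from documentation ranges, and only the label rule plus longest common prefix are modelled.

```python
import ipaddress

# Default policy table (RFC 3484, section 2.1): prefix -> label
POLICY = [(ipaddress.ip_network(p), lab) for p, lab in [
    ("::1/128", 0), ("::/0", 1), ("2002::/16", 2),
    ("::/96", 3), ("::ffff:0:0/96", 4)]]

def label(addr):
    """Label of the longest policy-table prefix containing addr."""
    a = ipaddress.ip_address(addr)
    return max((e for e in POLICY if a in e[0]), key=lambda e: e[0].prefixlen)[1]

def common_prefix_len(a, b):
    diff = int(ipaddress.ip_address(a)) ^ int(ipaddress.ip_address(b))
    return 128 - diff.bit_length()

def select_source(dst, sources):
    """Prefer a source whose label matches dst, then longest common prefix."""
    return max(sources, key=lambda s: (label(s) == label(dst),
                                       common_prefix_len(s, dst)))

def select_destination(sources, dsts):
    """Prefer a destination whose label matches the source chosen for it."""
    return max(dsts, key=lambda d: label(select_source(d, sources)) == label(d))

def tunnel_server_accepts(src, assigned_prefix):
    """Strict ingress filter: only the broker-assigned prefix may be a source."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(assigned_prefix)

# Constructed sample data (documentation ranges only).
BROKER_PREFIX = "2001:db8:aaaa::/48"    # assigned by the tunnel broker
SITE_6TO4 = "2002:c000:204:1::10"       # derived from 192.0.2.4
SITE_NATIVE = "2001:db8:aaaa:1::10"     # inside BROKER_PREFIX
REMOTE_6TO4 = "2002:c633:6401::1"       # derived from 198.51.100.1
REMOTE_NATIVE = "2001:db8:ffff::1"

if __name__ == "__main__":
    for dst in (REMOTE_6TO4, REMOTE_NATIVE):
        src = select_source(dst, [SITE_6TO4, SITE_NATIVE])
        print(dst, "<-", src,
              "| passes tunnel-server filter:",
              tunnel_server_accepts(src, BROKER_PREFIX))
    print("native peer picks:",
          select_destination([REMOTE_NATIVE], [SITE_6TO4, SITE_NATIVE]))
```

Traffic to the remote 6to4 site keeps a 2002::/16 source and is not expected on the broker tunnel, so the strict filter never has to admit it.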