Re: An alternative to 6to4 and teredo



On Mon, 20 Jan 2003 06:24:19 +0200 (EET)
Pekka Savola <pekkas@netcore.fi> wrote:

> On Sun, 19 Jan 2003, Erik Nordmark wrote:
> > > OTOH, I think tunnel broker is a good way to provide default route for a 6to4
> > > site.
> > 
> > That would make the site be multi-addressed with a 6to4 prefix
> > plus a prefix that was assigned by the tunnel broker.
> > 
> > That raises questions of what source address filtering might be appropriate
> > at the tunnel server - should they accept any source address?
> > That would seem counter to the arguments about 6to4 relays introducing
> > new ways to spoof source addresses - the tunnel server would
> > in essence do the same.
> > 
> > Unless there was a way to register an alternate source address prefix
> > with the tunnel broker as part of configuring the tunnel broker ...
> 
> There is no need for any changes provided that everybody implements the 
> new default address selection.
> 
> That way communication between 6to4<->6to4 never uses the upstream tunnel 
> broker, 6to4->native uses native source addresses and native->6to4 picks 
> native destination addresses.
> 
> Or so I've thought.  This is very briefly noted in the new 6to4 security 
> draft.


address selection is fundamentally broken.  it only works with two-party apps.

Keith
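
The source address filtering question raised in the quoted discussion, sketched as an added example that is not part of the original thread: a tunnel server accepts an inner IPv6 source only if it falls in the broker-assigned prefix or in a prefix registered for that tunnel. The `Tunnel` class, its method names, the rule that a registered prefix must lie inside the 6to4 prefix derived from the tunnel's own IPv4 endpoint, and the documentation addresses are all assumptions made for illustration.

```python
import ipaddress

def sixto4_prefix(v4):
    """Return 2002:V4ADDR::/48, the 6to4 prefix for an IPv4 address (RFC 3056)."""
    v4int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4int << 80), 48))

class Tunnel:
    """Hypothetical per-tunnel state kept by a tunnel server."""

    def __init__(self, client_v4, assigned_prefix):
        self.client_v4 = ipaddress.IPv4Address(client_v4)
        # Only the broker-assigned prefix is accepted by default.
        self.allowed = [ipaddress.IPv6Network(assigned_prefix)]

    def register_prefix(self, prefix):
        """Register an alternate source prefix for this tunnel.

        Assumed policy: the prefix must sit inside the 6to4 prefix of the
        tunnel's own IPv4 endpoint, so a client cannot claim someone
        else's 2002::/16 space.
        """
        net = ipaddress.IPv6Network(prefix)
        if not net.subnet_of(sixto4_prefix(self.client_v4)):
            raise ValueError(f"{net} does not belong to {self.client_v4}")
        self.allowed.append(net)

    def accept(self, outer_src_v4, inner_src_v6):
        """Ingress check on a decapsulated packet."""
        # The outer IPv4 source must be the configured tunnel endpoint.
        if ipaddress.IPv4Address(outer_src_v4) != self.client_v4:
            return False
        # The inner IPv6 source must fall in an allowed prefix.
        src = ipaddress.IPv6Address(inner_src_v6)
        return any(src in net for net in self.allowed)

if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    t = Tunnel("192.0.2.1", "2001:db8:100::/48")
    print(t.accept("192.0.2.1", "2002:c000:201::1"))   # 6to4 source, not registered
    t.register_prefix("2002:c000:201::/48")
    print(t.accept("192.0.2.1", "2002:c000:201::1"))   # same source, now registered
    print(t.accept("192.0.2.1", "2002:c633:6401::1"))  # another site's 6to4 prefix
```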