[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG Last Call: draft-ietf-v6ops-unmaneval-01.txt

To: Fred Templin <ftemplin@iprg.nokia.com>
Subject: Re: WG Last Call: draft-ietf-v6ops-unmaneval-01.txt
From: Pekka Savola <pekkas@netcore.fi>
Date: Sat, 20 Mar 2004 16:48:42 +0200 (EET)
Cc: Ralph Droms <rdroms@cisco.com>, <v6ops@ops.ietf.org>
In-reply-to: <405B5BCF.5010200@iprg.nokia.com>

On Fri, 19 Mar 2004, Fred Templin wrote:
> When IPv6 is tunneled over IPv4, the NDProxy effectively becomes
> an ARP Proxy, and the TLLA options in the encapsulated IPv6 redirect
> messages are unchanged. (Or, if they are changed, the receiver should
> be able to detect this if the sender is using some form of authentication
> for the IPv6 ND messages it sends.)

There must be some confusion here; ND-proxy, as proposed, is only 
meant to proxy IPv6 traffic, not e.g. IPv4 proto-41 packets.

> Based on the security and path MTU issues, it seems that:

I think this is rather questionable. ND-proxy is already deployed on 
the path, so that it by design is able to do pretty much everything.  
No different from a router, for example.  So I don't see the issues 
here.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

References:
- Re: WG Last Call: draft-ietf-v6ops-unmaneval-01.txt
  - From: Fred Templin <ftemplin@iprg.nokia.com>

Prev by Date: Re: NDProxy issue
Next by Date: Re: stable vs address-derived v6 prefix [Re: v6 deployment in general [Re: tunnel broker deployment [RE: Tunneling scenarios and mechanisms evaluation]]]
Previous by thread: Re: WG Last Call: draft-ietf-v6ops-unmaneval-01.txt
Next by thread: Re: WG Last Call: draft-ietf-v6ops-unmaneval-01.txt
Index(es):
- Date
- Thread