[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WG Last Call: draft-ietf-v6ops-unmaneval-01.txt
On Fri, 19 Mar 2004, Fred Templin wrote:
> When IPv6 is tunneled over IPv4, the NDProxy effectively becomes
> an ARP Proxy, and the TLLA options in the encapsulated IPv6 redirect
> messages are unchanged. (Or, if they are changed, the receiver should
> be able to detect this if the sender is using some form of authentication
> for the IPv6 ND messages it sends.)
There must be some confusion here; ND-proxy, as proposed, is only
meant to proxy IPv6 traffic, not e.g. IPv4 proto-41 packets.
> Based on the security and path MTU issues, it seems that:
I think this is rather questionable. ND-proxy is already deployed on
the path, so that it by design is able to do pretty much everything.
No different from a router, for example. So I don't see the issues
here.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings