Re: WG Last Call: draft-ietf-v6ops-6to4-security-02.txt
Hi,
I just revised the draft slightly, as the LC ended a couple of days
ago.
I took about all your comments (also added a note on compatible
addresses but with caveat that it's often still supported).
A few replies in line..
On Wed, 2 Jun 2004, Tim Chown wrote:
[...]
> Do we have field reports of 6to4 abuse to date? (Curious if they are
> recorded anywhere)
Not much has been recorded on this, but there have been a lot of
attacks -- through a relay, not *on* the relay (that I know of).
> It seems many ISPs (NRENs, usually) simply avoid advertising 2002::/16
> outside their border, or the IPv4 anycast address outside their border,
> to limit their "traffic magnet". I guess this is your model in
> Section 6.2, but you talk about 2002::/16 limitation, rather than the
> IPv4 anycast limitation?
I was referring to both v4 and v6 prefix announcements, clarified.
> This is probably why most people see SWITCH's
> relay ;) While there are enough "third party relays" (as you call them),
> the closed model still appears to work because of the current traffic
> levels and available relays like SWITCH's.
To some degree of usefulness, yes. I could hardly call that an
acceptable level of quality, though -- it's not nice, having to come
to Europe from the US (for example) to talk to your US neighbor...
> It's not clear how many recommendations in your (very thorough!) draft
> are widely implemented - would be very interesting to know...
Yes, I'd be interested in that as well..
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings