
Re: WG Last Call: draft-ietf-v6ops-6to4-security-02.txt



Hi,

I just revised the draft slightly, as the LC ended a couple of days
ago.

I took about all your comments (also added a note on compatible
addresses but with caveat that it's often still supported).

A few replies in line..

On Wed, 2 Jun 2004, Tim Chown wrote:
[...]
> Do we have field reports of 6to4 abuse to date?  (Curious if they are
> recorded anywhere)

Not much has been recorded on this, but there have been a lot of
attacks -- through a relay, not *on* the relay (that I know of).
 
> It seems many ISPs (NRENs, usually) simply avoid advertising 2002::/16
> outside their border, or the IPv4 anycast address outside their border,
> to limit their "traffic magnet".   I guess this is your model in 
> Section 6.2, but you talk about 2002::/16 limitation, rather than the
> IPv4 anycast limitation?

I was referring to both v4 and v6 prefix announcements, clarified.

> This is probably why most people see SWITCH's 
> relay ;)   While there are enough "third party relays" (as you call them), 
> the closed model still appears to work because of the current traffic
> levels and available relays like SWITCH's.

To some degree of usefulness, yes.  I could hardly call that an
acceptable level of quality, though -- it's not nice, having to come
to Europe from the US (for example) to talk to your US neighbor...

> It's not clear how many recommendations in your (very thorough!) draft 
> are widely implemented - would be very interesting to know...

Yes, I'd be interested in that as well..

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings