[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Teredo and draft-davies-v6ops-icmpv6-filtering-bcp-00
Thanks for pointing this out. Janos and I are working on a new version
of the draft and we will point this out.
I'll check the security discussions in the Teredo draft to see what it
says on the subject.
Regards,
elwyn
Rémi Denis-Courmont wrote:
Hello,
draft-davies-v6ops-icmpv6-filtering-bcp-00 suggests (§ 4.2) filtering
incoming ICMPv6 Echo requests, and, optionaly, outgoing ones.
I do understand they are security motivation for doing so. Yet, while
that might be seen as an abuse of ping6, Teredo tunneling, which seems
to be going for RFC, needs ping6 to establish symmetric routing of IPv6
packets between a Teredo client and a native (or tunneled otherwise)
IPv6 node.
If these packets go unresponded, the IPv6 node becomes completely
unreachable from the Teredo client (regardless which of both actually
is the "initiator" of the data exchange).
IMHO, it should at least be worth mentioning as a side effect in the
filtering draft, though there my be objections that I'm not aware of.
Regards,