[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: R41 in draft-ietf-v6ops-cpe-simple-security-07

To: Yaron Sheffer <yaronf@checkpoint.com>
Subject: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Tue, 28 Jul 2009 18:26:58 +0200
Cc: james woodyatt <jhw@apple.com>, IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <7F9A6D26EB51614FBF9F81C0DA4CFEC80133E557C9BA@il-ex01.ad.checkpoint.com>
References: <20090727184501.933F83A6CE4@core3.amsl.com> <56A1905B-54B8-43AA-9AC4-55F46C2FC4B0@apple.com> <029CBD08-5A79-44C2-8490-E63AF783E3B7@muada.com> <7F9A6D26EB51614FBF9F81C0DA4CFEC80133E557C9BA@il-ex01.ad.checkpoint.com>

On 28 jul 2009, at 18:17, Yaron Sheffer wrote:

no, there is no reasonable way to establish trust
between the host and the CPE router in a home environment. So the(default)
protocol will likely be unauthenticated.

Would it help to require a < 1024 port? On Unix-derived system youhave to be root to be able to send those, so random applicationswouldn't be able to do this without some serious tricking of the user.

There's also the old standby of setting the hop limit to 255 andchecking it's still 255 to enforce localness.

Follow-Ups:
- Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: Mohacsi Janos <mohacsi@niif.hu>

References:
- I-D Action:draft-ietf-v6ops-cpe-simple-security-07.txt
  - From: Internet-Drafts@ietf.org
- R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: james woodyatt <jhw@apple.com>
- Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: Yaron Sheffer <yaronf@checkpoint.com>

Prev by Date: RE: R41 in draft-ietf-v6ops-cpe-simple-security-07
Next by Date: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
Previous by thread: RE: R41 in draft-ietf-v6ops-cpe-simple-security-07
Next by thread: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
Index(es):
- Date
- Thread