
comments on draft-ietf-ipngwg-ipv6-anycast-analysis-02.txt
The characterization of prefix usage in shared-unicast anycast in IPv4 doesn't match the
cited DNS example given in RFC 3258. The fundamental requirement
is that the same AS be the source of each announcement of the allocated
prefix so that the guidelines in RFC 1930, section 7 are met. The
provider independence of the prefix doesn't really have anything
to do with that.

In section 5.1, the draft says:

Many of the UDP-based protocols use source and destination address pair
to identify the traffic.
<snip>
Note that, however, bad guys can still inject fabricated results to the
client, even if the client checks the source address of the reply. The
check does not improve security of the exchange at all.

I think the authors should refer to: draft-ietf-dnsext-dns-threats-03.txt
for a better description of this attack. They will need, however, to
discuss the implication of the prohibition on anycast source addresses.

regards,
Ted Hardie