On Wed, 2008-11-19 at 17:51 +0100, Pascal Thubert (pthubert) wrote:
> Most times there will be no NAT because we are using IPv6 within a
> domain
> - say a factory plant, an enterprise, a building, a home.
> I do not expect IPv6 to IPv6 NATs there, would you?
Agreed, there is not likely to be IPv6 NAT - good point.
> An application listening to these ports should protect itself against
> unwanted traffic, either sent there by mistake or as the result of an
> attack.
> So end-to-end authentication AND integrity are required. This is why
> more often than not you'll get the MIC we are talking about.
Possibly in industrial applications, but I'm not sure that such a
general statement is true for all the apps that will be built.
> [Pascal] A 6LoWPAN router would NOT check the ULTP MIC - an ALG would.
> 6LoWPAN defines IP and UDP compression but ULTP MIC is beyond the spec.
> That's why the correspondent end point HAS TO check the MIC.
>
This is confusing. If you are doing route over, do the routers need to
confirm that the the IP addresses in the packet header have not
inadvertently been changed? Isn't that part of the purpose of the
pseudo header chacksum? Do intermediate routers today check the UDP
checksum? Possibly not, in which case 6lowpan routers might not.
geoff
_______________________________________________
6lowpan mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lowpan
