> From [EMAIL PROTECTED] Mon Dec 18 15:41:56 2000
Itojun,
>
> >> This would still have some problems since certain extension headers
> >> (fragmentation, AH, ESP) aren't passed up to the application.
> >=> exactly my second concern.
>
> one question - maybe i have lost some context.
> we are talking about socket API. is it really necessary
> for user applications to be able to transmit arbitrary AH/ESP/fragment
> header?
>
I certainly don't think so. Sounds like an easy way to open the door
for kiddies to do DoS attacks and not a lot more.
> even for raw IP socket, i think it reasonable to forbid users
> from attaching arbitrary AH/ESP/fragment header (i.e. to say that
> they are "kernel" thingie).
>
I agree.
tim
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------