Francis Dupont wrote: > > In your previous mail you wrote: ... > > I suggest two separate restrictions on Routing Header processing. > > 1. When processing a Routing Header, hosts should only forward the > packet to another node via the same interface by which it arrived. > > => this rule is the RFC 1122 local forwarding rule. I proposed > something a bit more strict (forbid forwarding)... I don't know > if you really open a security hole (I don't believe this is the case), > my proposal has the advantage (?) that the host definition (never > forward) is still valid for source routes. Any opinion/good argument?
I agree. I don't think a host should be doing any forwarding unless explicitly configured to do so. In the case of Mobile IP, the mobile is not really doing "forwarding" (however it may be implemented as such) since both the COA and HA are assigned to the mobile node. > > 2. When processing a Routing Header, nodes should compare the scope of > the current and new destination addresses and only forward the packet if > the new destination address has scope equal or greater than the old > destination scope. > > => I agree (note the destination can't reply because its address has > not enough scope). In this case, the final destination can't reverse and use the source route so this would need carefull wording. The node may end up sending a beyond scope icmp message following this rule. -vlad > > Regards > > [EMAIL PROTECTED] > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- -- ++++++++++++++++++++++++++++++++++++++++++++++++++++ Vladislav Yasevich Tel: (603) 884-1079 Compaq Computer Corp. Fax: (435) 514-6884 110 Spit Brook Rd ZK03-3/T07 Nashua, NH 03062 -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
