> After giving this some thought, I think RFC 2460 should be revised to
> incorporate some security precautions.
>
> => I agree but this should not be in RFC 2460 (which is a draft
> standard i.e. not so easy to change BTW).

I don't care much how it ends up being standardized.

> I suggest two separate restrictions on Routing Header processing.
>
> 1. When processing a Routing Header, hosts should only forward the
> packet to another node via the same interface by which it arrived.
>
> => this rule is the RFC 1122 local forwarding rule. I proposed
> something a bit more strict (forbid forwarding)... I don't know if
> you really open a security hole (I don't believe this is the case),
> my proposal has the advantage (?) that the host definition (never
> forward) is still valid for source routes. Any opinion/good argument?

I just looked at RFC 1122 section 3.3.5 and indeed my proposal is
basically its "local source-routing". The only difference is that
for IPv6 I think we need to allow source routing between interfaces
within the host, for Mobile IP.

Rich
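Added example, not part of the original message or of any implementation: a host-side check for the two policies discussed in the thread, applied to a Type 0 Routing Header in the RFC 2460 layout. The function names, the `out_if_for` route lookup, the interface names and the addresses are assumptions made for illustration, as is the choice to treat a hop to one of the host's own addresses as local under both policies.

```python
import ipaddress
import struct

def next_rh0_address(rh: bytes):
    """Next address to visit in a Type 0 Routing Header (RFC 2460 layout),
    or None when Segments Left is 0. Raises ValueError if malformed."""
    if len(rh) < 8:
        raise ValueError("truncated routing header")
    _nh, ext_len, rtype, seg_left = struct.unpack_from("!BBBB", rh)
    n = ext_len // 2                       # 16-byte addresses carried
    if rtype != 0 or ext_len % 2 or len(rh) != 8 + 8 * ext_len or seg_left > n:
        raise ValueError("malformed Type 0 routing header")
    if seg_left == 0:
        return None
    off = 8 + 16 * (n - seg_left)          # Address[n - Segments Left + 1]
    return ipaddress.IPv6Address(rh[off:off + 16])

def decide(rh, arrival_if, own_addrs, out_if_for, policy):
    """Return 'deliver', 'local', 'forward' or 'drop'.
    policy 'same-interface': rule 1 from the thread.
    policy 'never-forward':  the stricter proposal from the quoted reply.
    out_if_for is a hypothetical route lookup: address -> interface name."""
    nxt = next_rh0_address(rh)
    if nxt is None:
        return "deliver"                   # route exhausted, we are the target
    if nxt in own_addrs:
        return "local"                     # assumption: a hop inside the host is not forwarding
    if policy == "same-interface" and out_if_for(nxt) == arrival_if:
        return "forward"                   # leaves by the interface it arrived on
    return "drop"                          # would cross interfaces, or forwarding is forbidden

def build_rh0(addrs, seg_left, next_header=59):
    """Constructed sample input: serialise a Type 0 Routing Header."""
    body = b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    return struct.pack("!BBBBI", next_header, 2 * len(addrs), 0, seg_left, 0) + body

# Constructed topology (documentation prefix 2001:db8::/32).
OWN = {ipaddress.IPv6Address("2001:db8:1::10"), ipaddress.IPv6Address("2001:db8:2::10")}
ROUTES = {"2001:db8:1::1": "eth0", "2001:db8:2::1": "eth1"}

def lookup(addr):
    return ROUTES.get(str(addr))
```

The two policies differ only when the next address is another node reachable through the arrival interface; a packet that would leave by a different interface is dropped under both.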
