On Mon, 10 Dec 2001, Tony Hain wrote:
> > This is especially nasty if hosts would listen to ff0e::1 (global
> > all-hosts) address (even though it would not be globally
> > routable); there
> > would not be such restrictions on same zone.
>
> According to 2373 your choice of multicast address is reserved to begin
> with, but why wouldn't that be routable? You appear to have a model for
> multicast over NBMA that assumes the lower layer is not global. I
> understand there may be a problem with scaling the number of tunnels,
> but this is not a protocol problem.

New addrarch draft says ff0e::/16 is global-scope. I took this as an example of delivering packets to an IPv6 node when it might not be possible to do so directly (example: link-local addresses).

> > The issues with automatic tunneling are discussed a little bit in:
> >
> > http://www.ietf.org/internet-drafts/draft-savola-ngtrans-6to4-security-00.txt
> > (by the way, comments would be welcome ;-)
>
> Your discussion about a 6to4 host seems to be implementation specific,
> and there are implementations that do have the host aware of 6to4.

Why would a host have any reason to be 6to4 aware? I sure would like to know more of this. AFAICS that implementation wouldn't be honouring RFC 3056 definition of 6to4 host:

   an IPv6 host which happens to have at least one 6to4 address. In all other respects it is a standard IPv6 host.

> Your discussion about what should not happen are already in RFC 3056
> security issues.

Some are, some aren't. But the main point was, that RFC 3056 rules were a little abstract (and as a matter of fact, wrong in one sentence), so that they were basically unimplementable and rather non-understandable. This is noted in the introduction.

> Your discussion of the disallowed addresses is in RFC 3056, specifically
> the point that RFC 1918 addresses are not valid.

Private addresses are just one problem, there just for completeness.

> I have to go now, but the document seems to be based on some
> misunderstanding of the existing 6to4 RFC, and the existing address
> architecture RFC. If those are sufficiently unclear that several people
> this document is needed to help, we should either revisit the text in
> those, or move your document to a high priority work item to reduce the
> confusion.

I fail to see what misunderstandings those would be. Only issue I can come up with (for some portions) is how implementations inject packets from tunneling to the IPv6 stack. That is, can we assume that "same-zone" forwarding applies.
That is, site-local and link-locals would not be a problem with tunneling.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
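Added example, not part of the original message or of the draft it discusses: a check for the one disallowed-address case named in the thread, a 6to4 address (2002:V4ADDR::/48 per RFC 3056) whose embedded IPv4 address falls in RFC 1918 space. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges listed explicitly; ipaddress's is_private covers more
# than RFC 1918 and would blur the point being illustrated.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SIXTOFOUR = ipaddress.ip_network("2002::/16")


def embedded_v4(addr):
    """Return the IPv4 address embedded in a 6to4 address, or None."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIXTOFOUR:
        return None
    # Bits 16..47 of a 6to4 address carry V4ADDR.
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)


def check_6to4(addr):
    """Classify an IPv6 address as (verdict, embedded IPv4 or None)."""
    v4 = embedded_v4(addr)
    if v4 is None:
        return ("not-6to4", None)
    if any(v4 in net for net in RFC1918):
        return ("reject-rfc1918", v4)
    return ("ok", v4)


def audit(addresses):
    """Return the addresses that embed an RFC 1918 IPv4 address."""
    return [a for a in addresses if check_6to4(a)[0] == "reject-rfc1918"]


# Constructed sample addresses (documentation and private ranges only).
SAMPLES = [
    "2002:c000:0204::1",   # embeds 192.0.2.4
    "2002:0a00:0001::1",   # embeds 10.0.0.1
    "2002:ac10:0001::5",   # embeds 172.16.0.1
    "2002:ac20:0001::5",   # embeds 172.32.0.1, just outside 172.16/12
    "2002:c0a8:0101::1",   # embeds 192.168.1.1
    "2001:db8::1",         # not a 6to4 address
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, *check_6to4(s))
```
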
