I'm sorry to bother you with this message but it's for a good cause. I've been reading your postings on this list for a couple of years now, not understanding much of it but very interested nevertheless. This is my first time for replying in any way.
I am a writer of technology news, I work for Info-Tech Research Group (www.technologynews.net). We deliver a bi-weekly summary of tech news that reaches about 13,000 IT managers and management-type people, 95% in the U.S. I'm writing a summary of the status of IPv6 for an audience of IT managers, some of them not too technical. It's sort of a start-off-the-new-year issue with several articles about trends and the big picture. 1. Would someone be willing to reply with the "six best web sites" having information related to IPv6? (I've already found the easy-to-find sites - ipv6.org, ipv6forum.com, playground.sun.com, 6bone.net, stardust.com, Microsoft's stuff) 2. Also, is there a recently-written white paper or powerpoint download that should be in the hands of an IT manager wanting to make an informed decision with regard to possibly testing IPv6? 3. How does one subscribe to this list? (Do you want people to know about this list?) Once again, apologies for taking your time and thank you in advance. Dwight Baer (519) 432-3550 (w) [EMAIL PROTECTED] (w) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian E Carpenter Sent: Thursday, December 13, 2001 9:23 AM To: Pekka Savola Cc: Tony Hain; Sreeram Vankadari; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: 6to4 security [was Re: (ngtrans) RE: Directed broadcast in IPv6] Pekka Savola wrote: > > On Wed, 12 Dec 2001, Brian E Carpenter wrote: > > > The sentence refers to: > > > > > > whether the encapsulating IPv4 address is consistent with the encapsulated > > > 2002:: address. > > > > > > 1) You cannot receive IPv6 packets from *relay* which have 2002::/16 > > > prefix. If you do, someone is using 6to4 improperly. We agree on this. > > > > Actually, the relay (according to RFC 3056) is a 6to4 router that also has a > > native IPv6 interface. It certainly can source 2002: packets from its own > > site, as well as native source addresses from the native interface. > > You can apply the consistency check, but not to relayed packets with > > a native source address. > > I meant relay as a box that has relay functinality. Local packets are of > course fine, and the consistancy check applies there so that is no > problem. > > But the sentence IMO basically says: > > "there are packets [referring to 2002 prefix] coming from relay which > must not be checked". Oh, I see your problem now. But the [...] is not implied by the text as I read it. However, since I wrote it too, maybe other people see that implication, which wasn't intended. Brian > > By referring to 2002, the consistancy check might not be performed for > _2002_ addresses (which it should not receive except for the local ones > where the check would apply), thus relays becoming a source for > inconsistant 2002 packets. > > > > 2) How do you check that 3ffe:ffff::1 is consistant with an IPv4 address? > > > > > > You cannot check *consistancy* unless the addresses are of form > > > 2002:<anything at all> and <IPv4 anything at all>. Only 2002 and IPv4 can > > > be compared. > > > > Yes. 3056 says nothing different. I see no error in the 3056 text. > > Ok, I guess this is one of those way of thinking issues; whether the > 'consistancy check' is basically: > > 1) > > consistancy_check(ipv6, ipv4) { > if (bits 16-47 of ipv6 equal ipv4) > return true > else > return false > } > > or: > > 2) > > consistancy_check(ipv6, ipv4) { > if prefix of ipv6 is 2002 { > if (bits 16-47 of ipv6 equal ipv4) > return true > else > return false > } > else > return true // because consistancy is not defined for non-2002 > } > > That is, what's the defined consistancy between native ipv6 and ipv4 > addresses. > > Thus skipping the consistancy check becomes a bit of a blur. > > -- > Pekka Savola "Tell me of difficulties surmounted, > Netcore Oy not those you stumble over and fall" > Systems. Networks. Security. -- Robert Jordan: A Crown of Swords > -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
