Pekka Savola wrote: > All that is true, but nowhere it is said that decapsulating the packet > from IPv4 (or IPv6) should be interpreted as "forwarding".
The group keeps responding to you that the tunnel is an interface separate from the physical one it is encapsulated in, but that doesn't seem to stick. If you will accept that the tunnel is an independent interface and treat it as such, all the rules will start to make sense, and your continuous complaint about tunnel security will be resolved through the existing rules. If you can show that a node which follows the rules is insecure that would be helpful, but continuing to rehash tunneling as a security hole is not. Tony -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
