Francis Dupont writes:
> If we (the IETF) really care about security we need to make sure
> that we don't create holes in the set of standards track RFCs we
> issue.
>
> => I agree but in this case the target is explicitely "not introduce
> significant new vulnerabilities that are not present in IPv4 today".
> The new vulnerability has not be proved to be significant and the
> proposed reply is designed to get back to the IPv4 situation (where
> the reply to the threat, I have to say it again, is a BCP).
Positing AAA as the necessary band-aid is a non-starter.
Positing the kind of fix I proposed as a "crazy idea"
runs into problems with middle of the network RPF
checking and will, in practice, sink any use of
route optimization. HAO's cannot defeat ingress
filtering. That is distinctly worse than the
current net.
I think we seriously need to consider whether
we should sever route optimization from this
draft. Sigh.
Mike
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
