> It's harder w/ v4 than v6. v6, it's dirt simple.
> Turn on routing for your DNS server. It advertises
> itself and the well-known address to the local segment.
> Odds are that the well-known prefix is "nearer" from
> this new router than from the "official" egress point.
> Other nodes, listening to RA/ND, see this new router
> and the well-known prefix. Can you say hijack?

the issues with anycast addresses are documented in
draft-ietf-ipngwg-ipv6-anycast-analysis-00.txt (pending IESG review),
so we don't need to repeat them here.

i can buy the argument with router advertisement, however, i cannot
for routing advertisements. if you don't protect routing
infrastructure, it's your fault. routing protocols must be secured
or you are in trouble.

btw - both RIPng and OSPFv3 rely upon IPsec over multicast and
do not define their own security mechanism. i wonder how many
implementations can do this. IPsec over multicast is, i would say,
hard (not to mention automatic key exchange).

itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------