Re: scoping-arch and link-local addresses in RH

Mon, 22 Apr 2002 19:06:49 -0700 

>>>>> On Mon, 22 Apr 2002 18:45:22 +0300 (EEST), 
>>>>> Pekka Savola <[EMAIL PROTECTED]> said:

> ==> Wow, a 5-line sentence :-).  Anyway, my imagination is failing here 
> what kind of non-global addresses can be placed in the routing header?
> There may be a conflict with the previous comment there.

> E.g are you able to send a packet like:

> src=global1
> dst=globalA
> routing header=site_localA, segments left=1

> which would be translated at globalA to:

> src=global1
> dst=site_localA
> routing header=globalA, segments left=0  ?

According to the draft, correct.

> I think we need to have a much much more clearer view of what is possible 
> and what is not when crossing zone boundaries with routing headers.

I admit the notion is quite complicated and the text may have unclear
points, but the described behavior is clear at least to me so that I
could implement the rule in my implementation.  So, could you be more
specific about the unclearness?  Could you give me a concrete example
that cannot be explained with the description?

> 14. Security Considerations
    
>    The routing section of this document specifies a set of guidelines
>    that allow routers to prevent zone-specific information from leaking
>    out of each site.  If site boundary routers allow site routing 
>    information to be forwarded outside of the site, the integrity of the
>    site could be compromised. 

> ==> Security considerations should mention potential problems of crossing 
> zone boundaries w/ routing headers.

Okay, but the problems would basically be the same as in "normal"
(i.e. all destinations are in the same scope type) routing headers.
Do you have an example of the potential problems specific to the case
of mixed scoped destinations?

Thanks,

                                        JINMEI, Tatuya
                                        Communication Platform Lab.
                                        Corporate R&D Center, Toshiba Corp.
                                        [EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------

Reply via email to