[EMAIL PROTECTED] wrote: > > >processing a HAO is simply replacing the source address with > >the contents of the HAO. earlier it is used to be a MUST without > >the verification step. IPv6 WG was okay with that. but people > >indentified some reflection attacks that are possible if you > >blindly accept unverified home address option. so now, it is a > >MUST with the verification step. > > IPv6 wg OKed HAO in draft 5 or 6. HAO changed a lot since then, > and i think it not reasonable for you to think that new-HAO is also > OKed automaticalliy.
new-HAO?? the format has not changed. neither has the processing. it is still a destination option. how is it new? infact it has been made secure by the new verification step. infact, (IMO) there is no need for this new verification step if we have smart ingress filtering as described by Francis Dupont in http://www.ietf.org/internet-drafts/draft-dupont-ipv6-ingress-filtering-00.txt. Francis is probably around somewhere. can you please talk to him? Vijay -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
