Vijay,
I am missing something. Can we invent a new option in the future
and call it a MUST be processed by all nodes ? If a node does
not understand the option, it should use the icmp parameter
problem to return errors. Not sure why we need something special
for HAO.
-mohan
> -----Original Message-----
> From: Vijay Devarapalli [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 17, 2002 5:24 PM
> To: [EMAIL PROTECTED]
> Cc: Michael Thomas; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: [mobile-ip] Re: HAO and BE processing will be mandated
>
>
> [EMAIL PROTECTED] wrote:
> >
> > >processing a HAO is simply replacing the source address with the
> > >contents of the HAO. earlier it is used to be a MUST without the
> > >verification step. IPv6 WG was okay with that. but people
> indentified
> > >some reflection attacks that are possible if you blindly accept
> > >unverified home address option. so now, it is a MUST with the
> > >verification step.
> >
> > IPv6 wg OKed HAO in draft 5 or 6. HAO changed a
> lot since then,
> > and i think it not reasonable for you to think that
> new-HAO is also
> > OKed automaticalliy.
>
> new-HAO?? the format has not changed. neither has the
> processing. it is still a destination option. how is it new?
> infact it has
> been made secure by the new verification step.
>
> infact, (IMO) there is no need for this new verification step
> if we have smart ingress filtering as described by Francis
> Dupont in
> http://www.ietf.org/internet-drafts/draft-dupont-ipv6-ingress-
filtering-00.txt.
Francis is probably around somewhere. can you please talk to him?
Vijay
