a new spec comes out. it has a lot of features. some of the features are very important for the protocol (otherwise the protocol does not work well). so we say all nodes have to implement these features.
on the other hand, the new spec should not screw up the earlier implementations. are we in agreement with the above? it is nice to consider legacy nodes. But software upgrades are also very routine. I dont have a machine which is running the earliest version of Windows/FreeBSD/Linux/...... regards Vijay > Mohan Parthasarathy wrote: > > Vijay, > > I am missing something. Can we invent a new option in the future > and call it a MUST be processed by all nodes ? If a node does > not understand the option, it should use the icmp parameter > problem to return errors. Not sure why we need something special > for HAO. > > -mohan > > > -----Original Message----- > > From: Vijay Devarapalli [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, July 17, 2002 5:24 PM > > To: [EMAIL PROTECTED] > > Cc: Michael Thomas; [EMAIL PROTECTED]; > > [EMAIL PROTECTED]; [EMAIL PROTECTED]; > > [EMAIL PROTECTED] > > Subject: Re: [mobile-ip] Re: HAO and BE processing will be mandated > > > > > > [EMAIL PROTECTED] wrote: > > > > > > >processing a HAO is simply replacing the source address with the > > > >contents of the HAO. earlier it is used to be a MUST without the > > > >verification step. IPv6 WG was okay with that. but people > > indentified > > > >some reflection attacks that are possible if you blindly accept > > > >unverified home address option. so now, it is a MUST with the > > > >verification step. > > > > > > IPv6 wg OKed HAO in draft 5 or 6. HAO changed a > > lot since then, > > > and i think it not reasonable for you to think that > > new-HAO is also > > > OKed automaticalliy. > > > > new-HAO?? the format has not changed. neither has the > > processing. it is still a destination option. how is it new? > > infact it has > > been made secure by the new verification step. > > > > infact, (IMO) there is no need for this new verification step > > if we have smart ingress filtering as described by Francis > > Dupont in > > http://www.ietf.org/internet-drafts/draft-dupont-ipv6-ingress- > filtering-00.txt. > Francis is probably around somewhere. can you please talk to him? > > Vijay -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
