This could be of interest. Comments directly to me or possibly on the v6ops mailing-list, I think.
There may be some issues wrt. RFC2460 that may warrant discussion here too, though. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Wed, 25 Sep 2002 10:47:41 +0300 (EEST) From: Pekka Savola <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: draft on v6 firewalling Hello, I've submitted an I-D on IPv6 firewalling issues, and it should be available in the repository shortly. In the meantime, it's available at: http://www.netcore.fi/pekkas/ietf/draft-savola-v6ops-firewalling-00.txt Below is the abstract: There are quite a few potential problems regarding firewalling or packet filtering in IPv6 environment. These include slight ambiguity in the IPv6 specification, problems parsing packets beyond unknown Extension Headers and Destination Options, and introduction of end- to-end encrypted traffic and peer-to-peer applications. There may also be need to extend packet matching to include some Extension Header or Destination Option fields. This draft discusses these issues to raise awareness and proposes some tentative solutions or workarounds. It's 8 pages. Thanks. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
