Date: Tue, 3 Jun 2003 14:28:14 +0300 (EEST)
From: Pekka Savola <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
| Hence why the ordering could be reversed: no modifications necessary for
| working-by-default-for-the-first-try configuration.

Which is "working-by-default-for-the-first-try" depends entirely upon
how the network is built - in some environments, global addresses might
not work first try (for some applications, I'd be tempted to have
an attempt from any global source addr, or to any global dest addr,
automatically dropped on the floor - and not for any supposed security
reason).

| You mean that NIQ should be amended to allow queries from that space and
| forget about the TTL=255 security hack?

I really meant that NIQ as currently defined, for QTYPE==3, has an "S"
bit in the query that requests "site local" addresses. Something needs
to work out how that applies (how NIQ applies in general) to these new
kinds of addresses. NIQ is too useful to just allow to wither.

That's as in draft-ietf-ipngwg-icmp-name-lookups-09.txt which is the most
recent I can find. It has no mention I could see of what address types
should be allowed, nor any TTL==255 hack. I can imagine that in some
environments restricting NIQ to LL addresses, and/or TTL==255 might be
worthwhile as a kind of security (close to useless), but I certainly can't
imagine the spec ever permitting only that - that would outlaw its use
in other environments where real security (as in IPsec) existed for the
query.
kre
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
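The "LL addresses and/or TTL==255" admission policy that the message above calls close to useless, written out as an added Python example (not code from the message, the list, or the draft) so the limits of the check are visible: the packet builder, the fe80::/10 test and the accept/drop/ignore outcomes are assumptions of this illustration; ICMPv6 type 139 for Node Information Query is taken from RFC 4620.

```python
import ipaddress
import struct

# Constants for the illustration. Type 139 is the ICMPv6 Node Information
# Query type from RFC 4620; the rest is ordinary IPv6 header layout.
IPV6_HDR_LEN = 40
NEXT_HEADER_ICMPV6 = 58
ICMPV6_NODE_INFO_QUERY = 139
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")


def build_ipv6_icmpv6(src: str, dst: str, hop_limit: int, icmp_type: int,
                      payload: bytes = b"") -> bytes:
    """Constructed sample packet: minimal IPv6 header plus an ICMPv6 message.

    The ICMPv6 checksum is left as zero; this is only input for the policy check.
    """
    icmp = struct.pack("!BBH", icmp_type, 0, 0) + payload
    hdr = struct.pack("!IHBB", 0x60000000, len(icmp), NEXT_HEADER_ICMPV6, hop_limit)
    hdr += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return hdr + icmp


def niq_admission(packet: bytes) -> str:
    """Apply the link-local-source + hop-limit-255 policy to one raw packet.

    Returns 'accept' or 'drop' for an NIQ query, 'ignore' for anything else.
    """
    if len(packet) < IPV6_HDR_LEN + 4 or packet[0] >> 4 != 6:
        return "ignore"
    next_header, hop_limit = packet[6], packet[7]
    if next_header != NEXT_HEADER_ICMPV6:
        return "ignore"
    src = ipaddress.IPv6Address(packet[8:24])
    if packet[IPV6_HDR_LEN] != ICMPV6_NODE_INFO_QUERY:
        return "ignore"
    # Hop limit 255 only shows no router decremented it, i.e. the packet was
    # not forwarded from off-link; it proves nothing about who on the link sent it.
    if hop_limit != 255:
        return "drop"
    # A link-local source restricts queries to the local link, but any host on
    # that link can choose such a source address, so this is scoping, not auth.
    if src not in LINK_LOCAL:
        return "drop"
    return "accept"
```

The two tests are purely topological (same link, not routed); as the message says, real protection for the query would have to come from something like IPsec rather than from these header fields.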