>This looks like a strong draft. Several issues exist though.
>
>1) There is no mention of RFC 3041 (privacy enhanced) addresses. Both
>the issue as to if they should be responded with and if they should be
>responded to needs to be addressed.
just FYI from implementation POV: KAME implementation does not
include RFC3041 addresses in the response by default. there's a
configuration flag bit which makes the responder to include RFC3041
addresses as well.
i guess that sensible default would be not to include RFC3041 addresses.
>2) The security model is unclear as to the scope of responses. There
>is a sentence in the "Security Consideration" section which states the
>implementation should have a default configuration which refuses to
>respond to global scope addresses.
>
>If this means that the protocol should be limited to link local
>addresses that should be stated directly. Use of a 1 Hop Limit or 255
>Hop Limit with check would enforce this (see LLMNR for example and
>reasons). I think limiting the protocol to the link local reduces
>its usefulness.
i really would like to keep it usable globally (= do not limit
it to link-local only). we use the protocol to query name of
intermediate routers, which is several hops away, for debugging
purposes.
>If its not limited to the link local then this protocol should probably
>be filtered at the edge of the administrative domain.
it is up to administrator of the domain, therefore i think
recommendation like "SHOULD filter" is too strong. how about
"may want to filter" or something like that?
itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
