Itojun writes (in response to Michael Hunter): > >This looks like a strong draft. Several issues exist though. > > > >1) There is no mention of RFC 3041 (privacy enhanced) addresses. Both > >the issue as to if they should be responded with and if they should be > >responded to needs to be addressed. > > just FYI from implementation POV: KAME implementation does not > include RFC3041 addresses in the response by default. there's a > configuration flag bit which makes the responder to include RFC3041 > addresses as well. > > i guess that sensible default would be not to include RFC3041 > addresses.
Unless you have a way to generate a temporary name for a temporary addresses (e.g. one automatically generated from the address). > >2) The security model is unclear as to the scope of responses. There > >is a sentence in the "Security Consideration" section which states the > >implementation should have a default configuration which refuses to > >respond to global scope addresses. > > > >If this means that the protocol should be limited to link local > >addresses that should be stated directly. Use of a 1 Hop Limit or 255 > >Hop Limit with check would enforce this (see LLMNR for example and > >reasons). I think limiting the protocol to the link local reduces > >its usefulness. > > i really would like to keep it usable globally (= do not limit > it to link-local only). we use the protocol to query name of > intermediate routers, which is several hops away, for debugging > purposes. I agree with itojun here. > >If its not limited to the link local then this protocol should probably > >be filtered at the edge of the administrative domain. > > it is up to administrator of the domain, therefore i think > recommendation like "SHOULD filter" is too strong. how about > "may want to filter" or something like that? I agree here too. -Dave > itojun > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
