On 2007-04-26 02:39, Bob Hinden wrote:
[trimming this to just the IPv6 w.g.]

We think the question for the IPv6 working group on this topic is does the working group want to do anything to address the issues raised about the Type 0 routing header. Possible actions include:

 1) Deprecate all usage of RH0
 2) Recommend that RH0 support be off by default in hosts and routers
 3) Recommend that RH0 support be off by default in hosts
 4) Limit its usage to one RH0 per IPv6 packet and limit the number of addresses in one RH0.

Excuse my ignorance, but have the following three rules ever been
considered?

1. The list of addresses in an RH0 MUST NOT include the packet's source address.
2. The same address MUST NOT occur more than once in an RH0.
3. A node processing an RH0 MUST discard any packet breaking these two rules.

I'd be interested in whether this would eliminate the various attacks.

(I'm not really advocating this, since it is added complexity for
a feature that we don't obviously need anyway. But if we don't deprecate
it, all the other options seem to leave the threats in place.)

     Brian

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
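
The three rules proposed in the message above, written as a receive-side check. This is an added example, not part of the original message or of any IETF specification. The header layout follows RFC 2460 section 4.4; the function names, the constructed 2001:db8:: sample addresses and the extra length sanity checks are assumptions of this example.

```python
import ipaddress
import struct

RH0_TYPE = 0  # Routing Type 0, RFC 2460 section 4.4


def parse_rh0(header: bytes):
    """Return (segments_left, [addresses]) from a raw Type 0 routing header."""
    if len(header) < 8:
        raise ValueError("truncated routing header")
    _next_hdr, ext_len, rtype, segs_left = struct.unpack_from("!BBBB", header)
    if rtype != RH0_TYPE:
        raise ValueError("not a Type 0 routing header")
    # Hdr Ext Len counts 8-octet units after the first 8; RH0 uses two per address.
    if ext_len % 2 or len(header) != 8 + ext_len * 8:
        raise ValueError("bad Hdr Ext Len")
    count = ext_len // 2
    if segs_left > count:  # sanity check added here, not one of the three rules
        raise ValueError("Segments Left exceeds address count")
    addrs = [ipaddress.IPv6Address(header[8 + 16 * i: 24 + 16 * i])
             for i in range(count)]
    return segs_left, addrs


def rh0_verdict(src: str, header: bytes) -> str:
    """Apply the proposed rules; returns 'accept' or a discard reason (rule 3)."""
    try:
        _segs_left, addrs = parse_rh0(header)
    except ValueError as exc:
        return f"discard: {exc}"
    # Rule 1: the address list must not include the packet's source address.
    # Comparing parsed addresses makes differently written forms compare equal.
    if ipaddress.IPv6Address(src) in addrs:
        return "discard: source address listed in RH0"
    # Rule 2: no address may occur more than once in the list.
    if len(set(addrs)) != len(addrs):
        return "discard: duplicate address in RH0"
    return "accept"


def build_rh0(addrs, segs_left=None, next_hdr=59):
    """Construct a sample RH0 for testing (constructed data; 59 = No Next Header)."""
    packed = b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    left = len(addrs) if segs_left is None else segs_left
    return struct.pack("!BBBB4x", next_hdr, 2 * len(addrs), RH0_TYPE, left) + packed
```
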
