Bob,
On Wed, 2007-04-25 at 17:39 -0700, Bob Hinden wrote: > > We think the question for the IPv6 working group on this topic is > does the working group want to do anything to address the issues > raised about the Type 0 routing header. Possible actions include: > > 1) Deprecate all usage of RH0 > 2) Recommend that RH0 support be off by default in hosts and routers > 3) Recommend that RH0 support be off by default in hosts > 4) Limit it's usage to one RH0 per IPv6 packet and limit the number > of addresses in one RH0. > > These examples are not all mutually exclusive. > > Please respond to the list with your preference and justifications. > I am a bit surprised that the security problems with the routing header come as some sort of revelation at this stage. The intent, as I recall, in including this feature was to duplicate IPv4 source routing (originally strict source routing was supported) with all the problems, but get the specification of the processing cleaned up. That was accomplished in spades. As I recall from my conversations with him, Steve Deering never wanted this mess in the specification in the first place. I don't think it was part of SIPP but I don't have the spec handy. My recollection of a conversation with Steve on this topic back in the previous century, at an IPv6 bake-off, was that it was "forced upon us" by the politics of the IPng "process". I think we can safely put to bed the idea that the designers were dolts who didn't learn from history. That doesn't mean there weren't dolts involved in the "process".:-) That said I am in favor of 2. It is the easiest to retrofit onto existing implementations. The question I have is what action should a host and/or router take if it receives a datagram with a routing header while support is disabled: 1) ICMPv6 destination unreachable/admininistratively prohibited. 2) Other ICMPv6 destination unreachable. 3) Silent discard. I vote for 3 but I could be convinced about 1 or 2. It appears that IPv4 is supposed to do the equivalent of 1. Tim Hartrick -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
