I'm sending this on behalf of itojun. I talked with itojun today over the phone. He now seems to have understood that his strong language does not help us move forward. He has asked me to translate his intention into plain English and post it to the list on his behalf. So, I'm trying my best.
> 1) Deprecate all usage of RH0

itojun has been spending his life for IPv6, and took the rthdr0 issue very seriously. The language he used was completely inappropriate. It was partly due to his mental condition and the effect of the pills, but he was in a panic mode and thought such language would help to push people.

Anyway, technical points itojun was trying to make are:

- Please do not underestimate the security risk. It is very easy to exploit this security hole, just to find 2 vulnerable machines. The damage could be fatal for the IPv6 deployment if simultaneous attacks are well orchestrated.
- For KAME-derived implementations, please apply the 2 patches from the KAME tree described at http://www.kame.net/newsletter/20070502/index.html
  One is for not processing rthdr0, and the other is for immediately dropping packets with more than one routing header in ip6_input().
- Please do not leave a sysctl knob for accepting rthdr0. Its risks are too high for very limited benefits.

Hope this helps.

-Kenjiro

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
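The header-chain policy the message asks for (no rthdr0, at most one routing header per packet), as an added example that is not part of the original message and is not the KAME patch. Treating rthdr0 as an outright drop, the function names `check_rthdr` and `sample`, and the constructed test packets are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum verdict { ACCEPT, DROP_RH0, DROP_MULTI_RH, DROP_MALFORMED };

/* Hypothetical helper: walk one packet's IPv6 extension header chain. */
enum verdict check_rthdr(const uint8_t *pkt, size_t len)
{
    if (len < 40 || (pkt[0] >> 4) != 6) return DROP_MALFORMED;
    uint8_t next = pkt[6];            /* Next Header of the fixed header */
    size_t off = 40, hlen;
    int routing_seen = 0;
    for (;;) {
        if (next != 0 && next != 43 && next != 44 && next != 51 && next != 60)
            return ACCEPT;            /* upper layer, ESP or unknown: stop */
        if (len - off < 8) return DROP_MALFORMED;
        if (next == 44)      hlen = 8;                              /* fragment */
        else if (next == 51) hlen = ((size_t)pkt[off + 1] + 2) * 4; /* AH */
        else                 hlen = ((size_t)pkt[off + 1] + 1) * 8;
        if (len - off < hlen) return DROP_MALFORMED;
        if (next == 43) {             /* routing header */
            if (++routing_seen > 1) return DROP_MULTI_RH;
            if (pkt[off + 2] == 0) return DROP_RH0;  /* Routing Type 0 */
        }
        next = pkt[off];
        off += hlen;
    }
}

/* Constructed sample: fixed header plus n (0..2) 24-byte routing headers. */
enum verdict sample(int n, uint8_t type1, uint8_t type2)
{
    uint8_t p[40 + 2 * 24] = { 0x60 };
    uint8_t types[2] = { type1, type2 };
    size_t off = 40;
    p[6] = n ? 43 : 59;               /* 59 = No Next Header */
    for (int i = 0; i < n; i++, off += 24) {
        p[off] = (i + 1 < n) ? 43 : 59;
        p[off + 1] = 2;               /* Hdr Ext Len: (2 + 1) * 8 = 24 */
        p[off + 2] = types[i];        /* Routing Type */
        p[off + 3] = 1;               /* Segments Left */
    }
    return check_rthdr(p, off);
}

int main(void)
{
    return printf("%d %d %d\n", sample(1, 0, 0), sample(1, 2, 0), sample(2, 2, 2)) < 0;
}
```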
