At Thu, 10 May 2007 10:11:16 +0200,
"Ebalard, Arnaud" <[EMAIL PROTECTED]> wrote:

> Some comments on that :

> - This prevents blindly source-routed packets from being processed by
>    the final destination (null value for Segments Left field), i.e. this
>    prevents an attacker from targeting an instance of a service after
>    having escaped the natural path (DMZ concern, Anycast service).
> 
> - This part is an obvious update to Section 4.4 of RFC 2460: IMHO, final
>    destination should only accept source-routed traffic when the
>    associated RH type is configured, activated and guaranteed to have no
>    impact. The sentence is in sync with MIPv6.

Are you suggesting the following part should apply regardless of the
type of routing header?

  In particular, the value of the Segments Left field
  MUST not be considered.

If so, I don't think the current rh0 draft could be interpreted that
way (aside from whether we'd agree it in the first place).

                                        JINMEI, Tatuya
                                        Communication Platform Lab.
                                        Corporate R&D Center, Toshiba Corp.
                                        [EMAIL PROTECTED]

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
