>On Wed, May 16, 2007 at 03:54:48PM -0700, Dow Street wrote:
>> I think the new draft is too extreme in its mitigation approach, and
>> would favor the "disable by default" option instead.
>
>I think the new draft is too soft in its mitigation approach, and would
>favour language that more strongly encourages filtering rthdr0 on the
>forwarding path for all routers.

I think deprecation of RH0 along with BCP 38/84 ingress filtering on the edge 
would be effective in limiting attacks to internal networks.

What to do about intra-site attacks, particularly those using valid source
addresses, isn't quite as clear to me.

Loose RPF would effectively handle attacks using martian addresses as sources, 
but (as had been correctly pointed out earlier) do nothing to prevent those 
launched from valid source addresses.

It seems to me that filtering RH0 on the forwarding path of all routers could 
incur some performance penalty (in the form of high CPU utilization concomitant 
to targeting routers with a sufficiently high # of packets containing RH0).

>
>
>> In this case, disabling by default and filtering when RH0 is turned
>> on allows for careful investigation and experimentation of different
>> use models.
>
>We've had decades to carefully investigate and experiment with different
>use models for loose source routing, and the only compelling ones we've
>discovered are malicious attacks.

I agree. IMO there has not been an effective use case presented for RH0 use. If 
the functionality provided by RH0 is required, I'd support creation of a new 
routing header (disabled by default). Just my two cents.

>
>-Ryan

Best Regards,

Tim Enos
Rom 8:28


--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
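
An added example, not part of the original message or of any draft discussed in it: a sketch of the per-packet check that filtering RH0 on the forwarding path implies, which has to walk the IPv6 extension-header chain before it can tell a Type 0 Routing Header from other headers. The function names, the drop policy in `should_drop` and the sample packets are assumptions constructed for illustration.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60  # IANA protocol numbers
EXT_HEADERS = (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS)

def rh0_segments_left(packet: bytes):
    """Return Segments Left of the first Type 0 Routing Header, or None if absent."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset = packet[6], 40
    while next_hdr in EXT_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        if next_hdr == FRAGMENT:
            hdr_len = 8  # the Fragment header has a fixed size
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return None  # non-first fragment: rest of the chain is not in this packet
        else:
            hdr_len = (packet[offset + 1] + 1) * 8  # Hdr Ext Len is in 8-octet units
        if offset + hdr_len > len(packet):
            raise ValueError("extension header runs past end of packet")
        if next_hdr == ROUTING and packet[offset + 2] == 0:
            return packet[offset + 3]  # Routing Type 0 found
        next_hdr, offset = packet[offset], offset + hdr_len
    return None

def should_drop(packet: bytes) -> bool:
    """Assumed policy for this example: drop RH0 and any malformed header chain."""
    try:
        return rh0_segments_left(packet) is not None
    except ValueError:
        return True

# Constructed sample packets, using 2001:db8::/32 documentation addresses
def addr(last: int) -> bytes:
    return bytes.fromhex("20010db8") + bytes(11) + bytes([last])

def ipv6(next_hdr: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64) + addr(1) + addr(2) + payload

RH0 = bytes([59, 4, 0, 2]) + bytes(4) + addr(3) + addr(4)  # type 0, 2 segments left
RH2 = bytes([59, 2, 2, 1]) + bytes(4) + addr(5)            # type 2 (Mobile IPv6), not RH0
HBH = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])                # Hop-by-Hop with one PadN option

if __name__ == "__main__":
    for name, pkt in [("plain", ipv6(59, b"")), ("rh0", ipv6(ROUTING, RH0)),
                      ("hbh+rh0", ipv6(HOP_BY_HOP, HBH + RH0)), ("rh2", ipv6(ROUTING, RH2))]:
        print(name, "drop" if should_drop(pkt) else "forward")
```

A non-first fragment cannot be classified on its own, so a filter built this way only sees RH0 in unfragmented packets and first fragments.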
