On 17-May-2007, at 19:17, Iljitsch van Beijnum wrote:
> After reading draft-ietf-ipv6-deprecate-rh0-00.txt, I found several
> problems:
>
> - the draft mentions "serious security implications" that can be
>   "exploited" without explaining what those are

I see some value in producing a companion draft which gives concrete
examples of problems with source routing in general -- such a
document might cover more than just RH0 functionality (e.g. it might
include discussion on IPv4 loose source routing). I see your attached
text, which seems like it would be right at home in such a document;
I also have some summaries of the issues packaged in the CanSecWest
presentation that I had previously intended for section 5 that might
be of some use.

> - the draft "deprecates" the routing header type 0 without explaining
>   what deprecation entails

I thought sections 3.1 and 3.2 were fairly clear. If you'd like to
propose text to make them clearer, I'd gladly read it.

> - the document forbids origination or processing of packets with a
>   routing header type 0, which is contrary to my interpretation of the
>   meaning of "deprecate"

What is your interpretation, then?

> - although listed as an informative reference, the draft
>   exclusively relies on
>   http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf to explain
>   the problems the draft endeavors to solve

No, there are other references.

Joe
--------------------------------------------------------------------
IETF IPv6 working group mailing list
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------