Hi Vishwas,

"Vishwas Manral" <[EMAIL PROTECTED]> writes:

> Hi Thomas,
>
> From mails I see on the list and offline, I see people who seem to say
> they want the functionality. 

Yes, they say they want the functionality. But even after many repeated
questions, I don't get the purpose or the use. For me, being able to
bounce packets on others' routers towards selected targets is not a 
purpose or a use. Being able to debug a routing issue is.

> One of the reasons the functionality is probably not present or used
> as much is because IPv6 deployments aren't as widely present as IPv4.

Are you implying that the functionality is used in IPv4 networks?

> That said my way forward would be to recommend the RPF check at the
> edge of networks if such functionality is required and firewalling it
> as a default case.

You basically speak about ingress-filtering at the scale of the Internet. I
wish someone could make that happen but this is only (still) a
dream. For the firewalling part, you mean implementing the mechanism
everywhere (again, for no specific use) to then deactivate processing by
default.

> I agree that adding new functionality to any protocol adds new attack
> vectors. 

Adding useless functionalities adds useless attack vectors.

> As a protocol feature designer when adding any new functionality, I
> need to see the security aspects of the functionality too. I do not
> think every possible attack can be mitigated

Why?

It's probably true afterwards, but during the design of a functionality,
you can do pretty much everything to prevent a misuse if you have
security in mind. This can be done if you know the purpose of your
functionality (to keep things usable). Here, you don't know what it will
be used for, what the required deployment scale is, .... i.e. you just
want to keep source routing in IP stacks because it seems fun. This is
the way I see current discussions on that topic.

Regards,

a+

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
