Brian,

> -----Original Message-----
> From: Brian E Carpenter [mailto:[email protected]]
> Sent: Friday, September 11, 2009 4:06 PM
> To: Templin, Fred L
> Cc: Christian Huitema; v6ops; [email protected]; [email protected]
> Subject: Re: Routing loop attacks using IPv6 tunnels
> 
> On 2009-09-12 09:13, Templin, Fred L wrote:
> 
> (much text deleted)
> 
> > Otherwise, the best solution IMHO
> > would be to allow only routers (and not hosts) on the
> > virtual links.
> 
> This was of course the original intention for 6to4, so
> that any misconfiguration issues could be limited to presumably
> trusted staff and boxes. Unfortunately, reality has turned out
> to be different, with host-based automatic tunnels becoming
> popular.

Thanks. I was rethinking this a bit after sending, and
I may have been too premature in saying routers only
and not hosts.

What I would rather have said was that mechanisms such as
SEcure Neighbor Discovery (SEND) may be helpful in private
addressing domains where spoofing is possible. Let me know
if this makes sense.

Fred
[email protected] 

> 
>      Brian
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> [email protected]
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------