> -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Fernando Gont > Sent: Monday, January 09, 2012 1:37 AM > To: Florian Weimer > Cc: Brian Haberman; [email protected]; Brian E Carpenter > Subject: Re: Fragmentation-related security issues > > On 01/09/2012 05:32 AM, Florian Weimer wrote: > >>> The ULA will have no meaning for ICMP messages that leave the > >>> administrative domain. > >> > >> That doesn't matter, > > > > How do you implement BCP38 filters if the address lacks > clear ownership? > > Same thing would happen as it currently happens with ICMP > error messages > sourced from private addresses: some get "mysteriously" > dropped. -- i.e. > using ULAs for the source address of ICMPv6 messages seems like a very > bad idea.
What I care most about is the value of the source address from the perspecive of the ICMP message recipient. I think no matter the source address scope, the recipinet cannot use the source address alone as a means of authenticating the ICMP, since there is no guarantee that BCP38 is universally implemented. Right? Thanks - Fred [email protected] > Thanks, > -- > Fernando Gont > SI6 Networks > e-mail: [email protected] > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
