Hi Joe,

> -----Original Message-----
> From: Joe Touch [mailto:to...@isi.edu]
> Sent: Tuesday, December 06, 2016 1:37 PM
> To: Templin, Fred L <fred.l.temp...@boeing.com>
> Cc: int-area@ietf.org
> Subject: regarding subnet redirects
> 
> Hi, Fred,
> 
> I'm encouraging you to pull this out of AERO and submit it as a separate
> doc. I don't think it will gain acceptance as part of the larger spec;
> most people won't see it as independently useful or won't find it at
> all, IMO.

Understand what you are saying, and I see the point. Can this be done
in such a way as to not block the AERO spec from going forward, however? 

> However, as part of a separate doc, you need to explain more carefully
> the conditions under which it can be safe to use. I don't think assuming
> source addresses are valid is a reasonable requirement; that requires
> that every port on a LAN have that filtering. There needs to be some
> other way to ensure that the message comes from a valid source, and
> should rely on as few new protocols as possible.

There are certainly environments where source addresses cannot be
spoofed and so checking the source address is an option. Another
idea that is in AERO(bis) but not in RFC6706 is for the Predirect to
include a Nonce that the target has to echo back in the corresponding
Redirect. The source can then accept the Redirect only if it came from
a legitimate target.

Thanks - Fred
fred.l.temp...@boeing.com

> 
> FYI.
> 
> Joe


_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
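The nonce echo described in the reply above, as an added example that is not part of the original message and not AERO code. It assumes the node validating the Redirect knows the nonce that was carried in the Predirect; the class name, 8-byte nonce size, lifetime and addresses are hypothetical, and no AERO wire format is modelled.

```python
import hmac
import secrets
import time

NONCE_LIFETIME = 5.0  # seconds; assumed value, not taken from AERO


class RedirectValidator:
    """Tracks nonces placed in Predirects and checks the echoed Redirect."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._pending = {}  # target address -> (nonce, expiry)

    def new_predirect(self, target):
        """Return a fresh nonce to carry in the Predirect for `target`."""
        nonce = secrets.token_bytes(8)
        self._pending[target] = (nonce, self._now() + NONCE_LIFETIME)
        return nonce

    def accept_redirect(self, target, echoed_nonce):
        """Accept only a Redirect echoing the live nonce issued for `target`."""
        entry = self._pending.get(target)
        if entry is None:
            return False  # unsolicited: no Predirect outstanding for target
        nonce, expiry = entry
        if self._now() > expiry:
            del self._pending[target]
            return False  # answer arrived after the nonce lifetime
        if not hmac.compare_digest(nonce, echoed_nonce):
            return False  # wrong nonce: keep the entry for the real reply
        del self._pending[target]  # single use, so a replayed Redirect fails
        return True


def demo():
    """Constructed scenario with a fake clock; addresses are documentation IPs."""
    clock = [0.0]
    v = RedirectValidator(now=lambda: clock[0])
    n = v.new_predirect("2001:db8::2")
    results = {"unsolicited": v.accept_redirect("2001:db8::99", n),
               "guessed": v.accept_redirect("2001:db8::2", bytes(8)),
               "genuine": v.accept_redirect("2001:db8::2", n),
               "replayed": v.accept_redirect("2001:db8::2", n)}
    n2 = v.new_predirect("2001:db8::3")
    clock[0] += NONCE_LIFETIME + 1  # let the second nonce expire
    results["expired"] = v.accept_redirect("2001:db8::3", n2)
    return results
```

A nonce of this kind only shows that the sender of the Redirect saw the Predirect, so it rejects off-path forgeries but not a party on the path that can read the Predirect.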
