Re: New "IP Version 6 Addressing Architecture" draft

Fri, 21 Jul 2000 18:48:56 -0700 

>> No, SIIT doesn't require user-level programs to receive IPv4 packets on
>> AF_INET6 socekts.  It only requires that IPv6 packets (with v4-mapped
>> addresses) are received on AF_INET6 sockets.  Machines living on the v6 side
>> of the translator only need to speak v6!
>Yes, SIIT is for IPv6 node that is not IPv4 capable.
>And you can drop packet that have encapsulated ipv4 source
>address belongs to local subnet (a.b.c.d/n) from outside:
>   subnet      +----------+ outside (IPv6, IPv4)
>---------------| SIIT Box |----------------------
> (a.b.c.d/n)   +----------+
>And, leaf nodes should drops packets from ::ffff:127.0.0.0/104 from subnet
>as we want to drop 127.0.0.0/8 on ipv4 nodes:
>+-----------+            subnet
>| ipv6 node |---------------------------------
>+-----------+ (IPv6 capable, don't care IPv4)

        though this is not the original issue I raised...

        do you require all the nodes in SIIT cloud to be IPv6-only? 
        (meaning that no IPv4 support in the kernel, not just "no IPv4
        configuration")  I think that SIIT RFC is vague about what "IPv6-only"
        means.
        if SIIT asks all the nodes in the SIIT cloud to remove IPv4 support
        from the kernel, that is way far from reality.  For most of
        the operating systems I look into, we cannot remove IPv4 support in
        the kernel.

>Itojun, issues/examples you raised are not problems
>(at RFC2553 or addressing-architecture level).
>You should raise new examples again to convince us.

        okay guys, i still believe this is very serious issue, but you still
        do not agree with me.  I drop comment about the address architecture,
        for now.
        i need to convince you with real example.  i'll need to come up with
        test program that transmits malicious packet, and talk with CERT/
        bugtraq guys if necessary...

itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------

Reply via email to