On Sun, 23 Dec 2001, Brian E Carpenter wrote:
> > IMO, this is the wrong approach.  Security precautions should be discussed
> > and handled all the way through the specification (as with Shipworm), and
> > in security considerations, a summary and remainder threats discussed.
> > Remainder threats are not covered there.
>
> Are you aware of any except spoofing?

Aware of what, exactly?  Remainder threats?

From the top of my head,

if proper checks are not implemented:
 - being able to send hlim=255 link/site locals to the pseudointerface
 - numerous other more general spoofing attacks

if checks are implemented:
 - relays used for reflection (to 2002:[target ipv4], possibly
   broad/multicast)
 - relays being used without authorization (theft of service and how to
   avoid it) [BGP advertisement restrictions aren't enough]
 - more or less authorized relay sending e.g. spoofed 2002:: packets

As can be seen and has been seen, relays are the toughie here..

> > - should autotunnel be deprecated in a more official fashion?
>
> Probably. That means removing it from the address architecture and from
> RFC 2893.

Addrarch revision is underway (close to complete I fear), so this might be
the chance to do one of these (next one would possibly be in 2-3 years).

I commented on the fact earlier too, because I didn't see all that much
point in describing just one special tunneling technique in addrarch.

If curious, the message was:

Date: Sun, 26 Aug 2001 00:20:38 +0300 (EEST)
From: Pekka Savola <[EMAIL PROTECTED]>
To: Bob Hinden <[EMAIL PROTECTED]>
cc: <[EMAIL PROTECTED]>

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
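The message above distinguishes threats that exist when "proper checks" are missing from those that remain once they are in place. As an added example (not part of the thread and not taken from any 6to4 implementation), the sketch below shows one plausible set of such checks; the rule set, the function names and the sample addresses are assumptions chosen for illustration.

```python
import ipaddress

# Scoped IPv6 prefixes that must never arrive through the tunnel
# (fe80::/10 link-local, fec0::/10 site-local).
SCOPED_V6 = [ipaddress.ip_network(p) for p in ("fe80::/10", "fec0::/10")]

# IPv4 ranges assumed here never to be a legitimate 6to4 endpoint.
INVALID_V4 = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]


def invalid_endpoint(v4):
    """True if the IPv4 address falls in one of the INVALID_V4 ranges."""
    return any(v4 in net for net in INVALID_V4)


def check_decap(outer_src, inner_src, inner_dst):
    """Checks after removing the IPv4 header. Returns a drop reason or None."""
    outer = ipaddress.IPv4Address(outer_src)
    src = ipaddress.IPv6Address(inner_src)
    dst = ipaddress.IPv6Address(inner_dst)
    if any(a in net for a in (src, dst) for net in SCOPED_V6):
        return "scoped address inside tunnel"
    if invalid_endpoint(outer):
        return "invalid outer IPv4 source"
    # .sixtofour is the IPv4 address embedded in 2002:V4ADDR::/48, else None.
    # A native (non-2002::) source arriving via a relay cannot be tied to the
    # outer header, so it passes here: the remaining relay problem.
    if src.sixtofour is not None and src.sixtofour != outer:
        return "2002:: source does not match outer IPv4 source"
    return None


def check_encap(inner_dst):
    """Check before a router or relay wraps a packet. Returns a drop reason or None."""
    v4 = ipaddress.IPv6Address(inner_dst).sixtofour
    if v4 is not None and invalid_endpoint(v4):
        return "2002:: destination embeds an invalid IPv4 address"
    return None
```

A directed broadcast address of a remote subnet cannot be recognised by a static list like this, and a spoofed native source relayed through a legitimate relay passes `check_decap`, which matches the point that relays remain the hard case.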
