In your previous mail you wrote:

   > and that your home agent must be part of the
   > still-not-existing global AAA infrastructure so that you could use HAO.
   >
   > => as I've said, this *recommendation* is for your protection:
   > without remote network access control you can be a target...

   Ah, but I think the issue is who the victims are. If *I* add
   protection in my network, that does *not* guarantee I won't

=> there is *no* guarantee with ingress filtering: its purpose is not
to make source address spoofing impossible, it is to make it
unattractive enough.

   be hit by reflection attacks from someone's network that only has
   regular ingress filtering (without the stateful and AAA patches).

=> you have forgotten the purpose of ingress filtering. To get the level
of security you seem to want, AH should be mandatory (its use, not
its implementation).

Regards

[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------