Hi, On Thu, Feb 24, 2022 at 06:11:59PM +0000, Vasilenko Eduard via ipv6-wg wrote: > > Eh. So, you might want to consider not deploying insecure technology (SRv6) > > that has very obvious security problems, as has been pointed out on the > > various IETF lists, or misusing address space for something it is not meant > > for. > > The next solution in the same draft > https://datatracker.ietf.org/doc/html/draft-ietf-spring-srv6-srh-compression-00 > does not have the same problem. It has just one copy of the prefix in the > destination address. Hence, it could be any length (even bigger the /64).
Much better wrt address consumption, but still SR6 has unsolved security problems. As a consequence, SR6 can only be deployed if your network is fully disconnected from everyone else (including possibly untrusted customers) - and if you have that, it does not really matter what addresses you use. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
signature.asc
Description: PGP signature
-- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg