> - As discussed in the context of the ICMPv6 spec revision, there are > similar multicast respond flooding issues even with base IPv6 > processing before you get to any "application" such as ping. > Unrecognized destination option, for instance, would cause a > flood of responses.
This has been described as point 5 in the Security Considerations section of the latest draft (draft-ietf-ipngwg-icmp-v3-03.txt). > In general, we may not wish to limit the ability of applications > to respond to multicast, that may be needed in some cases. However, > applications that do respond to multicast probably want to say > something about the remaining case in their security considerations > section. Some applications may also use some form of source > authentication to ensure that only the legitimate sender's messages > are processed. I agree. > This still leaves open what the behaviour for ICMPv6 Echo Request > should be. I would not bundle this issue with what the other > applications do, but my default answer would be to not respond > to multicast requests unless there is a specific reason to do > so. In this case there seems to be some discussion about multicast > debugging capabilities. I do not have experience of that myself. > Are multicast echo requests the primary multicast debugging > mechanism? If yes, we should allow responses to be sent. If not, > I agree with Suresh that it should be disallowed. Note that > multicast debugging through echo responses is naturally limited > to rather small multicast groups ;-) So I suspect people who > need multicast in a large scale are going to need another > debugging tool in any case. I do not have any preferences here either. I agree with Pekka that it should be either MUST or MUST NOT. Leaving it as a SHOULD is not a good idea. Now, who can tell if multicast echo request is the primary multicast debugging mechanism or not ?? Regards Mukesh -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
