On Wed, Apr 25, 2007 at 05:39:40PM -0700, Bob Hinden wrote:
> 1) Deprecate all usage of RH0
> 2) Recommend that RH0 support be off by default in hosts and routers
> 3) Recommend that RH0 support be off by default in hosts
> 4) Limit its usage to one RH0 per IPv6 packet and limit the number
>    of addresses in one RH0.
>
> These examples are not all mutually exclusive.
>
> Please respond to the list with your preference and justifications.

I wonder if it might be good to have a knob that controls how many _remaining_ hops you are willing to consider. This can then be used to implement (2) or (3).

For example, this knob could be set to zero on end hosts by default, so we only process RH0 where we are the last hop. We could also set this knob to one on routers by default. This would mean you can do things like intermediate-point-traceroute on the IPv6 Internet, which is useful for diagnosing all sorts of things (e.g. is my current route to a particular host dead, or is the problem elsewhere?).

The choice to limit the remaining hops (rather than total number of hops) means that an organisation could use RH0 internally as much as it liked, just as long as only one intermediate hop remained by the time it left the organisation.

An attacker might still be able to bounce packets between two organisations that had configured a higher limit, providing that they weren't already doing ingress/egress filtering.

David.

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
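
The "remaining hops" knob proposed in the reply above, sketched as an added example (not code from the thread or from any IPv6 stack). The names rh0_check, max_remaining, make_rh0 and the verdict enum are hypothetical, and the knob is assumed to be compared against the Segments Left field as received; the header layout and sanity checks follow RFC 2460.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum rh0_verdict { RH0_PROCESS, RH0_DROP_POLICY, RH0_DROP_MALFORMED, RH0_NOT_RH0 };

/* hdr points at a routing extension header (RFC 2460 layout):
 * [0] Next Header, [1] Hdr Ext Len (8-octet units past the first 8),
 * [2] Routing Type, [3] Segments Left, [4..7] reserved, then 16-byte addresses.
 * max_remaining is the hypothetical knob: 0 on hosts, 1 on routers. */
enum rh0_verdict rh0_check(const uint8_t *hdr, size_t len, unsigned max_remaining)
{
    if (len < 8 || 8 + 8 * (size_t)hdr[1] > len)
        return RH0_DROP_MALFORMED;          /* truncated header */
    if (hdr[2] != 0)
        return RH0_NOT_RH0;                 /* other routing types: not our policy */
    unsigned segs_left = hdr[3];
    if (segs_left == 0)
        return RH0_PROCESS;                 /* we are the last hop */
    if (hdr[1] % 2 != 0 || segs_left > hdr[1] / 2u)
        return RH0_DROP_MALFORMED;          /* odd length, or more hops than addresses */
    if (segs_left > max_remaining)
        return RH0_DROP_POLICY;             /* too many hops still to go */
    return RH0_PROCESS;
}

/* Build a constructed RH0 with n_addrs all-zero addresses (sample data only). */
static size_t make_rh0(uint8_t *buf, unsigned n_addrs, unsigned segs_left)
{
    size_t len = 8 + 16 * (size_t)n_addrs;
    memset(buf, 0, len);
    buf[0] = 59;                            /* Next Header: No Next Header */
    buf[1] = (uint8_t)(2 * n_addrs);
    buf[3] = (uint8_t)segs_left;
    return len;
}

int main(void)
{
    uint8_t pkt[8 + 16 * 3];
    for (unsigned left = 0; left <= 3; left++) {
        size_t len = make_rh0(pkt, 3, left);
        printf("segments left %u: host=%d router=%d\n", left,
               rh0_check(pkt, len, 0), rh0_check(pkt, len, 1));
    }
    return 0;
}
```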