On Wed, Apr 25, 2007 at 05:39:40PM -0700, Bob Hinden wrote:
>  1) Deprecate all usage of RH0
>  2) Recommend that RH0 support be off by default in hosts and routers
>  3) Recommend that RH0 support be off by default in hosts
>  4) Limit its usage to one RH0 per IPv6 packet and limit the number
> of addresses in one RH0.
> 
> These examples are not all mutually exclusive.
> 
> Please respond to the list with your preference and justifications.

I wonder if it might be good to have a knob that controls how many
_remaining_ hops you are willing to consider. This can then be used
to implement (2) or (3). For example, the default could be to
set this knob to zero on end hosts, so we only process
RH0 where we are the last hop. We could also set this knob to one
on routers by default.

This would mean you can do things like intermediate-point-traceroute
on the IPv6 Internet, which is useful for diagnosing all sorts of
things (e.g. is my current route to a particular host dead, or is
the problem elsewhere?).

The choice to limit the remaining hops (rather than total number
of hops) means that an organisation could use RH0 internally as
much as it liked, just as long as only one intermediate hop remained
by the time it left the organisation. An attacker might still be
able to bounce packets between two organisations that had configured
a higher limit, providing that they weren't already doing ingress/egress
filtering.

        David.

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
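
The remaining-hops knob proposed in the message above, sketched as a receive-side check. This is an added example, not code from the thread or from any IPv6 stack. It assumes "remaining hops" means the Segments Left field of the Type 0 routing header as seen by the receiving node; `rh0_check`, `rh0_sample` and `max_segments_left` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum rh0_verdict { RH0_ACCEPT, RH0_DROP_LIMIT, RH0_DROP_MALFORMED, RH0_NOT_TYPE0 };

/* Routing header layout (RFC 2460): Next Header, Hdr Ext Len, Routing Type,
 * Segments Left, 4 reserved bytes, then 16-byte addresses.
 * max_segments_left is the hypothetical per-node knob from the message. */
enum rh0_verdict rh0_check(const uint8_t *rh, size_t len, unsigned max_segments_left)
{
    if (len < 8 || ((size_t)rh[1] + 1) * 8 > len)
        return RH0_DROP_MALFORMED;          /* truncated header */
    if (rh[2] != 0)
        return RH0_NOT_TYPE0;               /* other routing types: not this policy */
    uint8_t ext_len = rh[1], segs_left = rh[3];
    if (segs_left == 0)
        return RH0_ACCEPT;                  /* we are the last hop */
    if (ext_len % 2 != 0 || segs_left > ext_len / 2)
        return RH0_DROP_MALFORMED;          /* more hops left than addresses carried */
    if (segs_left > max_segments_left)
        return RH0_DROP_LIMIT;              /* exceeds the configured knob */
    return RH0_ACCEPT;
}

/* Build a constructed RH0 with n_addrs zeroed addresses and check it. */
enum rh0_verdict rh0_sample(unsigned n_addrs, uint8_t segs_left, unsigned limit)
{
    uint8_t buf[8 + 16 * 8];
    if (n_addrs > 8)
        return RH0_DROP_MALFORMED;
    memset(buf, 0, sizeof buf);
    buf[0] = 59;                            /* Next Header: No Next Header */
    buf[1] = (uint8_t)(2 * n_addrs);        /* Hdr Ext Len in 8-octet units */
    buf[2] = 0;                             /* Routing Type 0 */
    buf[3] = segs_left;
    return rh0_check(buf, 8 + 16 * (size_t)n_addrs, limit);
}

int main(void)
{
    printf("host, knob 0, last hop:       %d\n", rh0_sample(2, 0, 0));
    printf("host, knob 0, 1 hop left:     %d\n", rh0_sample(2, 1, 0));
    printf("router, knob 1, 1 hop left:   %d\n", rh0_sample(3, 1, 1));
    printf("router, knob 1, 2 hops left:  %d\n", rh0_sample(3, 2, 1));
    return 0;
}
```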
