On 18-May-2007, at 12:20, Pekka Savola wrote:
I'm also supportive of your concern that the draft should tone down
"serious security implications" that can be "exploited" -- even if
these were true, I don't feel it's necessary to have such
(potentially) contentious words in this draft; the key point is the
deprecation, not getting perfect consensus on why we deprecate and
how exactly we write it down.
The draft contains this sentence in the abstract:
The functionality provided by IPv6's Type 0 Routing Header can be
exploited in order to perform remote network discovery, to bypass
firewalls and to achieve packet amplification for the purposes of
generating denial-of-service traffic.
and this sentence in section 5:
The purpose of this document is to deprecate a feature of IPv6 which
has been shown to have serious security implications.
The word "exploit" (or derivatives) and the word "serious" do not
otherwise exist in the document. If people have concerns with those
two sentences above, I would welcome suggested improvements to the text.
Joe
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
