Jinmei,
[with no hats on]
So, for example, the abstract of the 00 text seems to overstate the
issue:
The functionality provided by IPv6's Type 0 Routing Header can be
exploited in order to perform remote network discovery, to bypass
firewalls and to achieve packet amplification for the purposes of
generating denial-of-service traffic. [...]
I'd rephrase this so that we can concentrate on the exact problem:
The functionality provided by IPv6's Type 0 Routing Header can be
exploited in order to achieve packet amplification for the purposes
of generating denial-of-service traffic. This document updates the
IPv6 specification to deprecate the use of IPv6 Type 0 Routing
Headers, in the light of the severity of this security concern.
I agree that we should be clear about the problem and think your
proposed text does that well.
2. More precise description of what deprecate means in the context of
this document.
Yes, this would be good. I assume this also intends to clarify more
details about the processing behavior described in Section 3.2, e.g.
- what the receiving node should do if it receives a packet containing
RH0 with the segment left field being 0
- whether or not an ICMPv6 error is returned when a node receives a
packet containing RH0
I also agree that spelling this out in more detail as you suggest is
a good idea.
Bob
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
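
The two receive-side questions raised in this thread (Segments Left equal to 0, and whether an ICMPv6 error is sent), as an added example that is not part of the original messages. It encodes the behaviour RFC 5095 later specified, which treats RH0 as an unrecognized Routing Type under RFC 2460 Section 4.4; the function names and the sample packet are constructed for illustration.

```python
import struct
from ipaddress import IPv6Address

HOP_BY_HOP, ROUTING, DEST_OPTS = 0, 43, 60

def rh0_action(packet: bytes):
    """Return (action, icmp_pointer) for one raw IPv6 packet.

    action is "no-rh0", "ignore-header" or "drop-and-param-problem".
    icmp_pointer is the offset of the Routing Type field, the value an
    ICMPv6 Parameter Problem (Code 0) would carry, or None.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    # Routing headers sit in the unfragmentable part, so the walk stops
    # at a Fragment header or any upper-layer protocol.
    while next_header in (HOP_BY_HOP, ROUTING, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        size = (ext_len + 1) * 8  # Hdr Ext Len excludes the first 8 octets
        if offset + size > len(packet):
            raise ValueError("truncated extension header")
        if next_header == ROUTING and packet[offset + 2] == 0:
            if packet[offset + 3] == 0:      # Segments Left == 0
                return ("ignore-header", None)
            return ("drop-and-param-problem", offset + 2)
        next_header, offset = following, offset + size
    return ("no-rh0", None)

def build_packet(segments_left: int) -> bytes:
    """Constructed sample: IPv6 header plus an RH0 listing two hops."""
    hops = [IPv6Address("2001:db8::1").packed,
            IPv6Address("2001:db8::2").packed]
    # Next Header 59 (No Next Header), Hdr Ext Len = 2 units per address
    rh0 = bytes([59, 2 * len(hops), 0, segments_left]) + bytes(4) + b"".join(hops)
    fixed = struct.pack("!IHBB", 6 << 28, len(rh0), ROUTING, 64)
    fixed += IPv6Address("2001:db8::a").packed + IPv6Address("2001:db8::b").packed
    return fixed + rh0

if __name__ == "__main__":
    for left in (0, 2):
        print(left, rh0_action(build_packet(left)))
```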