On 8/28/07, David Malone <[EMAIL PROTECTED]> wrote:
> On Mon, Aug 27, 2007 at 03:53:22PM -0400, Suresh Krishnan wrote:
> > >I would be curious how people feel about these choices if they also apply
> > >to (as they should) IPv4 source routing.
>
> > I think the problems, though overlapping, are completely different in
> > magnitude. The problem with IPv4 source routing is not AS SEVERE as the
> > problem with RH0.
>

The 'problem' with source-routing is that people forgot that it exists, plain and simple. Then someone stood up and said, look! with source-routing I can ... source-route packets! and I can do 'bad things'. Then people got all flakey and decided we better just turn that off and remove it from the protocol :( people haven't removed ICMP from the earth and it's been responsible for more 'security incidents' over time than source-routing. The same goes for http for that matter.

> Actually - I've a feeling that at the time the problems with IPv4
> source routing were discussed, they would have been considered more
> severe. They allowed remote user (or maybe even root) level access
> to many systems. At the time DoSes weren't considered so serious.

Yup, and someone/no-one noted this as a real concern with ipv6 RH0, everyone focused on the least interesting problem and decided to shut down RH0 and excise it from the protocol... a blatant knee jerk reaction.

It's interesting to me that this blatant knee jerk reaction is getting a base protocol level change, yet locator/id split isn't. It's interesting that folks feel in this instance ipv6 is 'less used and less critical' and thus able to be changed where in the locator/id split discussion that argument was not acceptable. 'hypocrisy' I think is the word I'm looking for?

> Today, a DoS, even with a magnification factor of 80 or so, is
> probably less severe in my mind. YMMV...
>

and 80x magnification is a problem... but in this case (and in many other cases of same) there are simple solutions that could/should be used. Solutions which don't require base protocol changes.

-Chris

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------