Hi Thomas,

From mails I see on the list and offline, I see people who seem to say
they want the functionality. One of the reasons the functionality is
probably not present or used as much is because IPv6 deployments
aren't as widely present as IPv4.

That said my way forward would be to recommend the RPF check at the
edge of networks if such functionality is required and firewalling it
as a default case.

Hi Arnaud,

I agree that adding new functionality to any protocol adds new attack
vectors. As a protocol feature designer when adding any new
functionality, I need to see the security aspects of the functionality
too. I do not think every possible attack can be mitigated, but the
idea should be the remaining attack vectors are so CPU intensive/
costly that it would require a lot more effort on the part of the
attacker to carry out an attack. The RH0 attack is not that serious as
some have pointed out, but the ease of making it a lot more dangerous.

Thanks,
Vishwas

On 8/30/07, Thomas Narten <[EMAIL PROTECTED]> wrote:
> > However it seems you have probably not followed mails I have been sending
> > carefully enough. I have raised this issue on the list way back and
> > got some feedback too. I have found based on feedback the main uses
> > of the RH header to be Explicit Traffic Engineering as well as for OAM
> > purposes (something the IETF has underplayed for a long time). There
> > is a paper by Geoff Huston (I am not totally sure it was him), that
> > gives some use cases for operators.
>
> What I mean by "find a use" or "find a customer", is not to point to
> some generic, hand-wavy "it would be nice" from some third party. It
> is to get the customer/user who has a real problem to solve to come
> and explain what that problem is, so we can talk about how to
> solve it. Anything short of that risks development of a solution in
> search of a problem. The IETF has a lot of experience with that, and
> it is mostly negative.
>
> It's easy to find _possible_ uses. What we should be looking for is a
> problem that needs solving, for which a routing header really is a
> good/best solution, not just a "cool" or "neat" solution.
>
> > Having been the one to have identified the amplification attacks
> > around a couple of years ago, I realize the problems and related
> > security issues. However I am not sure of how you say there are no use
> > cases. I got the information asking that very question on the list. It
> > would be great if you can let me know what you base your assumptions
> > on?
>
> RH0 has been part of IPv6 for more than a decade. Remind of _who_ has
> used it or is using it, and what critical applications take advantage
> of it. I believe the answer to the question is pretty much the empty
> set. That is what I mean by there being "no use cases".
>
> Thomas
>

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
