On 2009-09-12 11:12, Templin, Fred L wrote:
> Brian,
> 
>> -----Original Message-----
>> From: Brian E Carpenter [mailto:brian.e.carpen...@gmail.com]
>> Sent: Friday, September 11, 2009 4:06 PM
>> To: Templin, Fred L
>> Cc: Christian Huitema; v6ops; ipv6@ietf.org; sec...@ietf.org
>> Subject: Re: Routing loop attacks using IPv6 tunnels
>>
>> On 2009-09-12 09:13, Templin, Fred L wrote:
>>
>> (much text deleted)
>>
>>> Otherwise, the best solution IMHO
>>> would be to allow only routers (and not hosts) on the
>>> virtual links.
>> This was of course the original intention for 6to4, so
>> that any misconfiguration issues could be limited to presumably
>> trusted staff and boxes. Unfortunately, reality has turned out
>> to be different, with host-based automatic tunnels becoming
>> popular.
> 
> Thanks. I was rethinking this a bit after sending, and
> I may have been too premature in saying routers only
> and not hosts.
> 
> What I would rather have said was that mechanisms such as
> SEcure Neighbor Discovery (SEND) may be helpful in private
> addressing domains where spoofing is possible. Let me know
> if this makes sense.

Except for the practical problems involved in deploying SEND.
We still have an issue in unmanaged networks.

    Brian
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
