On 2009-09-12 11:12, Templin, Fred L wrote:
> Brian,
>
>> -----Original Message-----
>> From: Brian E Carpenter [mailto:brian.e.carpen...@gmail.com]
>> Sent: Friday, September 11, 2009 4:06 PM
>> To: Templin, Fred L
>> Cc: Christian Huitema; v6ops; ipv6@ietf.org; sec...@ietf.org
>> Subject: Re: Routing loop attacks using IPv6 tunnels
>>
>> On 2009-09-12 09:13, Templin, Fred L wrote:
>>
>> (much text deleted)
>>
>>> Otherwise, the best solution IMHO
>>> would be to allow only routers (and not hosts) on the
>>> virtual links.
>> This was of course the original intention for 6to4, so
>> that any misconfiguration issues could be limited to presumably
>> trusted staff and boxes. Unfortunately, reality has turned out
>> to be different, with host-based automatic tunnels becoming
>> popular.
>
> Thanks. I was rethinking this a bit after sending, and
> I may have been too premature in saying routers only
> and not hosts.
>
> What I would rather have said was that mechanisms such as
> SEcure Neighbor Discovery (SEND) may be helpful in private
> addressing domains where spoofing is possible. Let me know
> if this makes sense.

Except for the practical problems involved in deploying SEND.
We still have an issue in unmanaged networks.

    Brian

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------