Hi Fred, >> Are you are referring here to 'draft-nakibly-v6ops-tunnel-loop-01'?
Yes, that's correct. Thank you, Dmitry -----Original Message----- From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On Behalf Of Templin, Fred L Sent: Friday, March 12, 2010 1:13 PM To: Dmitry Anipko; Gabi Nakibly; v6ops Cc: ipv6@ietf.org; sec...@ietf.org Subject: RE: Routing loop attacks using IPv6 tunnels Hi Dmitry, > -----Original Message----- > From: Dmitry Anipko [mailto:dmitry.ani...@microsoft.com] > Sent: Friday, March 12, 2010 12:54 PM > To: Templin, Fred L; Gabi Nakibly; v6ops > Cc: ipv6@ietf.org; sec...@ietf.org > Subject: RE: Routing loop attacks using IPv6 tunnels > > Hello, > > I wanted to follow up on Fred's comment earlier in this thread: > > >> OK. That will greatly simplify the checks needed for new > automatic tunneling protocols that have a format other > than ip-proto-41. > > For the designers of new tunneling protocols, shall perhaps a recommendation > on best practices be > included into the draft or another document, that for the new tunnels a > different protocol value / > format should be used? Are you are referring here to 'draft-nakibly-v6ops-tunnel-loop-01'? If so, IMHO this document would be the natural location for such a recommendation. > Examples of such protocol / formats could include using a different > next-protocol value, potentially > with some multiplexing schema if just using different next-protocol values is > not scalable, or > possibly some other format. Yes, I think it would be very good to declare ip-proto-41 as fully-developed and recommend that new tunneling protocols use a different ip protocol number and/or TCP/UDP port number. This would greatly reduce the concern for having to go back and revisit tunneling implementations that perform src/dst checks if a new tunneling protocol happens to emerge. Gabi - do you have any thoughts on this? Thanks - Fred fred.l.temp...@boeing.com -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
