Title: Message
hi,
jak
I
appreciate your answer very much.
My
understanding is :
1.For the default router is the necessary condition of
connecting to external networks, so if the host has not selected a router as its
default router, and an RA is received, in order to accelerate the ra
Dear IPv6 WG Chairs,
I previously sent this mail to the list at the time of the wg meeting in Paris
but there was no response. Has any decision been taken on how to move forward
with the IPv6 suite going towards full standard? I believe these items should
be looked at before RFC2460 goes forward
I will disagree restricting the usage of this protocol to Link Local only. This
is an helpful
tool when managing networks.
Adding a warning statement in the security section to recommend filtering out
this particular
ICMP message at site boundary should be enough.
- Alain.
_
Pekka Savola wrote:
I'm not sure if I understand your comment. Are you saying the ND proxy
spec is too complicated?
Well, I myself suggested removing the spanning tree loop prevention from
the draft completely (now it has a bit in the RAs) because it wasn't
needed in the applicability we ha
Title: About CPS message of SEND in IPv6
I'm not sure I follow your questions, but here is what I think
the intent is.
If the host has received an RA (solicited or beaconed) from a
router and has decided to select that router as its default, it can unicast the
CPS directly to the router.
Roger Jorgensen wrote:
> On Tue, 20 Sep 2005, Joe Touch wrote:
>
>>Danny Mayer wrote:
>>
>>>Brian E Carpenter wrote:
>>>
Jari Arkko wrote:
...
>o Whether we actually want to define a secure approach to
>proxies. Here I'd personally be OK even with no security
>for proxyi
The problem is that there is no mandatory mechinism to obtain IPv6 addresses
from nodes. This severly limits the ability to manage IPv6 networks.
-Original Message-
From: Jari Arkko [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 21, 2005 12:30
To: Pashby, Ronald W CTR NSWCDD-B35
Cc:
On Tue, 20 Sep 2005, Joe Touch wrote:
> Danny Mayer wrote:
> > Brian E Carpenter wrote:
> >> Jari Arkko wrote:
> >> ...
> >>> o Whether we actually want to define a secure approach to
> >>> proxies. Here I'd personally be OK even with no security
> >>> for proxying, as long as the above issues were
I would be happy with configuration feature that would allow:
1) Use old (depricated) multicast address
2) Use Solicited Node range multicast address
3) Disable name hashed multicast addresses completly
The RFC would depricate the old multicast address.
Given these changes then I could recommend u
Pashby, Ronald W CTR NSWCDD-B35 wrote:
The problem with promiscuous monitoring in a switched network is that, if is more than one switch
you would need monitors on each switch, because traffic that is between two ports on the same
switch does not get forwarded to the other switch. Another prob
The problem with promiscuous monitoring in a switched network is that, if is
more than one switch you would need monitors on each switch, because traffic
that is between two ports on the same switch does not get forwarded to the
other switch. Another problem with promiscuous monitoring is the am
In the light of the previous discussion I had with Ron on this subject,
it occurs to me that it would address Ron's issue if responders joined
both the old 32 bit and the Solicited Node related multicast addresses.
Queriers that are worried about real time issues can use the new
Solicited Node
Another set of quick comments:
There are two well documented vulnerabilities in the basic IPv6
architecture: Neighbor Discover spoofing and Host Redirection.
There is the SeND RFC [send] that addresses authenticating these
interactions. Certain networks may choose not to uses (or cannot
use) S
Elwyn Davies wrote:
Some comments:
<>
s6.4.1: [wish list] It occurs to me with the mention of tunnels that a
Qtype to find out about the addresses associated with (e.g.)
configured tunnels would be useful (v6 in v4 for example).
Brian asked me to propose some text for this. Here is my su
Brian Haberman wrote:
On Aug 1, 2005, at 2:08, Pekka Savola wrote:
<>
Specifically, I'm very concerned about its use with global addresses,
over
the Internet. This has a potential to turn into a kitchen sink
protocol,
which can be used to do query anything at all from a random node.
Thi
Hi,
Some quick comments:
I think its valuable to work on limits to ensure that
existing mechanisms don't cause denial-of-service or
flooding.
Good
network security mandates good network management for detecting
unauthorized devices on the network.
It would seem that the recommended mechanis
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Danny Mayer wrote:
> Brian E Carpenter wrote:
>
>> Jari Arkko wrote:
>> ...
>>
>>> o Whether we actually want to define a secure approach to
>>> proxies. Here I'd personally be OK even with no security
>>> for proxying, as long as the above issues w
Brian E Carpenter wrote:
Jari Arkko wrote:
...
o Whether we actually want to define a secure approach to
proxies. Here I'd personally be OK even with no security
for proxying, as long as the above issues were corrected.
But you could also argue the other way; the IETF usually
does require manda
Title: Solicit comments on draft-pashby-ipv6-detecting-spoofing-00.txt
This draft was presented in Paris, but did not have time for discussion. We would appreciate any comments.
IETF IPv6 working group mailing list
ipv6@i
Title: Solicit comments on draft-pashby-ipv6-network-discovery-00.txt
This draft was presented in Paris, however there was not enough time to disscuss it there.
There was some discussion on the list regarding using an all hosts multicast for network discovery. This draft does not "add" tha
> I am fine with that it is the sense that this new group can over-rule
> the IETF process that is all.
I don't believe anyone ever suggested this would be the case.
> A PS has to have continued technical
> review and Thomas could have expressed his concerns in the IPv6 WG.
Note: this document i
I am fine with that it is the sense that this new group can over-rule
the IETF process that is all. A PS has to have continued technical
review and Thomas could have expressed his concerns in the IPv6 WG.
/jim
> -Original Message-
> From: Brian E Carpenter [mailto:[EMAIL PROTECTED]
>
Actually Jim, it is an open mailing list and they
hold open Area meetings, so I don't see your concern.
The point isn't overruling. It's that when an IPv6 document
covers IPv4 topics, then the wider perspective is relevant.
But more to the point - a number of specific technical
issues have been r
Title: About CPS message of SEND in IPv6
Hi, all experts
I have one question about
"When soliciting certificates for a router, a host MUST send
Certification Path Solicitations either to the All-Routers multicast
address, if it has not selected a default router yet, or to the
d
24 matches
Mail list logo