FYI The IESG wrote: > The IESG has approved the following document: > > - 'Deprecation of Type 0 Routing Headers in IPv6 ' > <draft-ietf-ipv6-deprecate-rh0-01.txt> as a Proposed Standard > > This document is the product of the IP Version 6 Working Group. > > The IESG contact persons are Jari Arkko and Mark Townsley. > > A URL of this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-ietf-ipv6-deprecate-rh0-01.txt > > Technical Summary > > The functionality provided by IPv6's Type 0 Routing Header can be > exploited in order to achieve traffic amplification over a remote > path for the purposes of generating denial-of-service traffic. This > document updates the IPv6 specification to deprecate the use of IPv6 > Type 0 Routing Headers, in light of this security concern. > > Working Group Summary > > This document is a product of the IPv6 WG. Considerable > discussion of the impacts of the Type 0 processing > has happened over the course of the last few months. > The document, as it currently stands, has the backing > of the (rough) consensus of the group. However, the > topic has generated a lot heated discussion, and this > action is not unanimously supported by everyone in the > group. Counter arguments against deprecation have > raised potential (but so far unused) applications, > difficulty of introducing new similar functionality > once the feature has been disabled, ability to > deal with this issue in an operational manner, > the difference to the IPv4 situation (where source > routing is still a part of the specifications), etc. > > The authors, chairs, and the AD believe, however, that > the current contents of the document have the backing > of the majority of the group, and that the recommendation > is a valid one. In particular, new RH types can and > have been defined for more specialized uses safely, > and it would be hard to depend on RH0 in new applications, > given that it has legitimate security issues and > that irrespective of IETF's documents, this feature > is largely disabled in many IPv6 implementations. > > Protocol Quality > > Jari Arkko has reviewed this document for the IESG. Several > implementations of IPv6 have for a long time not allowed > Type 0 Routing Header processing by default; recently > a number of implementations (BSD, for instance) have > disabled it in accordance with this document's > recommendations. > > Call for input also in NANOG list was made. > > Note to RFC Editor > > Please change: > > OLD: > IPv6 nodes MUST NOT process RH0 in packets whose > destination address in the IPv6 header is an address assigned to them. > Such packets... > NEW: > An IPv6 node that receives a packet with a > destination address assigned to it and containing an RH0 extension > header MUST NOT execute the algorithm specified in the latter part > of Section 4.4 of [RFC2460] for RH0. Instead such packets... > > OLD: > type-2 RH > NEW: > type 2 Routing Header > > > _______________________________________________ > IETF-Announce mailing list > [EMAIL PROTECTED] > https://www1.ietf.org/mailman/listinfo/ietf-announce > > >
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------