two shim6-esd-00 comments

Pekka Savola <pekkas@netcore.fi> Fri, 31 March 2006 09:32 UTC

Envelope-to: shim6-data@psg.com
Delivery-date: Fri, 31 Mar 2006 09:32:34 +0000
Date: Fri, 31 Mar 2006 12:32:24 +0300
From: Pekka Savola <pekkas@netcore.fi>
To: shim6@psg.com
Subject: two shim6-esd-00 comments
Message-ID: <Pine.LNX.4.64.0603311228160.24007@netcore.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"

Hi,

Two smaller comments, probably already made, on 
draft-nordmark-shim6-esd-00.txt:

1) this obviously requires control over the reverse tree, which is by 
no means given for generic shim6 audience, though it might be more 
popular with sites which want to employ rewriting.

       The shim performs the identifier to locator lookup very similarly
       to normal IPv6 reverse lookups (form a query name based on the
       nibbles in reverse order and append ip6.arpa), but it queries for
       SRV records.

2) In the latter part of the example below, AFAICS, are you able to 
use the Sent Locator immediately?  This could be part of a 3rd party 
[bombing] attack?  Does it need to be probed first or is this 
sufficiently secure as it is?

       B processes the I1 message as specified in [7] to generate a R1
       message.  In addition, it copies the content of the Sent Locator
       Pair option into a Received Locator Pair option.  Host B must
       decide whether it should send the R1 message to the IP source
       address of the R1 message, or send it to the potentially different
       Sender Locator in the Sent Locator Pair option in the I1 message.
       Once B has made this decision, it puts the addresses, in this
       example <B1, A2> in the IPv6 header as well as into a Sent Locator
       Pair option.


-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
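The quoted draft text in comment 1 describes the identifier-to-locator lookup as an ordinary IPv6 reverse-tree query (nibbles in reverse order under ip6.arpa) that asks for SRV records instead of PTR. The following Python is an added illustration of that query-name construction and of standard SRV answer handling; it is not code from the draft or the shim6 work, the SRV record set is constructed for the example, and the owner-name layout below the ip6.arpa name is an assumption (the draft excerpt quoted here does not spell out a service label).

```python
import ipaddress
from typing import List, NamedTuple, Optional


def esd_query_name(identifier: str) -> str:
    """Build the ip6.arpa query name for an ESD identifier.

    Mirrors the normal IPv6 reverse-lookup form: the 32 hex nibbles of the
    address in reverse order, one label each, followed by ip6.arpa.
    """
    addr = ipaddress.IPv6Address(identifier)
    nibbles = addr.exploded.replace(":", "")   # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


class SrvRecord(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


def parse_srv_rdata(rdata: str) -> SrvRecord:
    """Parse SRV presentation-format RDATA: '<priority> <weight> <port> <target>'."""
    priority, weight, port, target = rdata.split()
    return SrvRecord(int(priority), int(weight), int(port), target)


def select_locator_target(records: List[SrvRecord]) -> Optional[SrvRecord]:
    """Pick the record a client should try first per RFC 2782 ordering.

    Lowest priority wins; among equal priorities the highest weight is
    preferred here (a deterministic stand-in for the weighted random choice).
    A single record whose target is '.' means the service is not available.
    """
    usable = [r for r in records if r.target != "."]
    if not usable:
        return None
    return min(usable, key=lambda r: (r.priority, -r.weight))


# Constructed sample answer set (not real zone data). The owner name is the
# reverse name of a documentation-prefix identifier; the RDATA mimics what a
# resolver would hand back for an SRV query at that name.
SAMPLE_IDENTIFIER = "2001:db8::1"
SAMPLE_SRV_ANSWERS = [
    "10 60 0 locator-a.example.",
    "10 40 0 locator-b.example.",
    "20 0 0 locator-c.example.",
]


def resolve_sample() -> Optional[SrvRecord]:
    """Run the whole lookup path over the constructed data."""
    qname = esd_query_name(SAMPLE_IDENTIFIER)
    # Sanity check against the library's own reverse-pointer form.
    assert qname == ipaddress.IPv6Address(SAMPLE_IDENTIFIER).reverse_pointer + "."
    records = [parse_srv_rdata(r) for r in SAMPLE_SRV_ANSWERS]
    return select_locator_target(records)


if __name__ == "__main__":
    print(esd_query_name(SAMPLE_IDENTIFIER))
    print(resolve_sample())
```

The point of keeping the query-name builder separate from the SRV selection is that only the former is shim6-specific; the ordering and the "." sentinel are plain RFC 2782 behaviour, which is exactly why the draft can reuse the reverse tree without new record types, and also why it inherits the requirement that the identifier holder control that reverse tree.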