Re: Re: [ssm] what to say about scoping for v6 [was ...last call...]

Pekka Savola <pekkas@netcore.fi> Thu, 13 March 2003 18:58 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12843 for <ssm-archive@odin.ietf.org>; Thu, 13 Mar 2003 13:58:51 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h2DJDOU21832 for ssm-archive@odin.ietf.org; Thu, 13 Mar 2003 14:13:24 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2DJDOO21829 for <ssm-web-archive@optimus.ietf.org>; Thu, 13 Mar 2003 14:13:24 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12819 for <ssm-web-archive@ietf.org>; Thu, 13 Mar 2003 13:58:20 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2DJCgO21781; Thu, 13 Mar 2003 14:12:42 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2DJBLO21679 for <ssm@optimus.ietf.org>; Thu, 13 Mar 2003 14:11:21 -0500
Received: from netcore.fi (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12753 for <ssm@ietf.org>; Thu, 13 Mar 2003 13:56:17 -0500 (EST)
Received: from localhost (pekkas@localhost) by netcore.fi (8.11.6/8.11.6) with ESMTP id h2DIvD123975; Thu, 13 Mar 2003 20:57:13 +0200
Date: Thu, 13 Mar 2003 20:57:13 +0200
From: Pekka Savola <pekkas@netcore.fi>
To: Hugh Holbrook <holbrook@cisco.com>
cc: Brian Haberman <bkhabs@nc.rr.com>, ssm@ietf.org
Subject: Re: Re: [ssm] what to say about scoping for v6 [was ...last call...]
In-Reply-To: <20030312230130.0B9C910B7A7@holbrook-laptop.cisco.com>
Message-ID: <Pine.LNX.4.44.0303132055350.23956-100000@netcore.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: ssm-admin@ietf.org
Errors-To: ssm-admin@ietf.org
X-BeenThere: ssm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=unsubscribe>
List-Id: Source-Specific Multicast <ssm.ietf.org>
List-Post: <mailto:ssm@ietf.org>
List-Help: <mailto:ssm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=subscribe>

On Wed, 12 Mar 2003, Hugh Holbrook wrote:
>   Neither source nor destination address scoping should not be used as
>   a security measure.  In some (many?) currently-deployed IPv6 routers (that 
>   do not conform to [SCOPED-ARCH]), scope boundaries are not applied
>   to the source address.  Such a router may incorrectly forward an 
>   SSM channel (S,G) through a scope boundary for S.
> 
> (Of course this is less likely to happen than one might think at first
> because, when forwarding a join, a router typically does a destination
> lookup on S to figure out the next hop....)
> 
> This is slightly less tautological, I guess.  I'd welcome improvements
> or any alternative text, though.

This is OK by me, but I might propose a slight modification, s/are not 
applied/are not always applied/ (ie. it's typical to filter out 
link-locals because they're "easy" but it's not an all or nothing issue).

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
ssm mailing list
ssm@ietf.org
https://www1.ietf.org/mailman/listinfo/ssm