Re: Re: [ssm] what to say about scoping for v6 [was ...last call...]
Pekka Savola <pekkas@netcore.fi> Thu, 13 March 2003 18:58 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12843 for <ssm-archive@odin.ietf.org>; Thu, 13 Mar 2003 13:58:51 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h2DJDOU21832 for ssm-archive@odin.ietf.org; Thu, 13 Mar 2003 14:13:24 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2DJDOO21829 for <ssm-web-archive@optimus.ietf.org>; Thu, 13 Mar 2003 14:13:24 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12819 for <ssm-web-archive@ietf.org>; Thu, 13 Mar 2003 13:58:20 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2DJCgO21781; Thu, 13 Mar 2003 14:12:42 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2DJBLO21679 for <ssm@optimus.ietf.org>; Thu, 13 Mar 2003 14:11:21 -0500
Received: from netcore.fi (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12753 for <ssm@ietf.org>; Thu, 13 Mar 2003 13:56:17 -0500 (EST)
Received: from localhost (pekkas@localhost) by netcore.fi (8.11.6/8.11.6) with ESMTP id h2DIvD123975; Thu, 13 Mar 2003 20:57:13 +0200
Date: Thu, 13 Mar 2003 20:57:13 +0200
From: Pekka Savola <pekkas@netcore.fi>
To: Hugh Holbrook <holbrook@cisco.com>
cc: Brian Haberman <bkhabs@nc.rr.com>, ssm@ietf.org
Subject: Re: Re: [ssm] what to say about scoping for v6 [was ...last call...]
In-Reply-To: <20030312230130.0B9C910B7A7@holbrook-laptop.cisco.com>
Message-ID: <Pine.LNX.4.44.0303132055350.23956-100000@netcore.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: ssm-admin@ietf.org
Errors-To: ssm-admin@ietf.org
X-BeenThere: ssm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=unsubscribe>
List-Id: Source-Specific Multicast <ssm.ietf.org>
List-Post: <mailto:ssm@ietf.org>
List-Help: <mailto:ssm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=subscribe>
On Wed, 12 Mar 2003, Hugh Holbrook wrote: > Neither source nor destination address scoping should not be used as > a security measure. In some (many?) currently-deployed IPv6 routers (that > do not conform to [SCOPED-ARCH]), scope boundaries are not applied > to the source address. Such a router may incorrectly forward an > SSM channel (S,G) through a scope boundary for S. > > (Of course this is less likely to happen than one might think at first > because, when forwarding a join, a router typically does a destination > lookup on S to figure out the next hop....) > > This is slightly less tautological, I guess. I'd welcome improvements > or any alternative text, though. This is OK by me, but I might propose a slight modification, s/are not applied/are not always applied/ (ie. it's typical to filter out link-locals because they're "easy" but it's not an all or nothing issue). -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings _______________________________________________ ssm mailing list ssm@ietf.org https://www1.ietf.org/mailman/listinfo/ssm
- [ssm] another last call for draft-ietf-ssm-arch -… Hugh Holbrook
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: Re: [ssm] another last call for draft-ietf-ss… Hugh Holbrook
- Re: Re: [ssm] another last call for draft-ietf-ss… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: Re: Re: [ssm] another last call for draft-iet… Hugh Holbrook
- [ssm] what to say about scoping for v6 [was ...la… Hugh Holbrook
- [ssm] permanent ipv6 ssm addresses [was ...last c… Hugh Holbrook
- Re: [ssm] permanent ipv6 ssm addresses [was ...la… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: Re: [ssm] permanent ipv6 ssm addresses [was .… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 [was .… Pekka Savola
- Re: Re: [ssm] what to say about scoping for v6 [w… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: Re: [ssm] what to say about scoping for v6 [w… Pekka Savola
- Re: [ssm] what to say about scoping for v6 Hitoshi Asaeda
- Re: Re: Re: [ssm] what to say about scoping for v… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 Pekka Savola
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: [ssm] what to say about scoping for v6 [was .… Pekka Savola
- Re: Re: [ssm] what to say about scoping for v6 [w… Hugh Holbrook
- Re: Re: [ssm] what to say about scoping for v6 [w… Pekka Savola
- Re: Re: [ssm] another last call for draft-ietf-ss… Hugh Holbrook