[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 w.g. Last Call on "IPv6 Node Information Queries"

>This looks like a strong draft.  Several issues exist though.
>1) There is no mention of RFC 3041 (privacy enhanced) addresses.  Both
>the issue as to if they should be responded with and if they should be
>responded to needs to be addressed.

	just FYI from implementation POV: KAME implementation does not
	include RFC3041 addresses in the response by default.  there's a
	configuration flag bit which makes the responder to include RFC3041
	addresses as well.

	i guess that sensible default would be not to include RFC3041 addresses.

>2) The security model is unclear as to the scope of responses.  There
>is a sentence in the "Security Consideration" section which states the
>implementation should have a default configuration which refuses to
>respond to global scope addresses.
>If this means that the protocol should be limited to link local
>addresses that should be stated directly.  Use of a 1 Hop Limit or 255
>Hop Limit with check would enforce this (see LLMNR for example and
>reasons).  I think limiting the protocol to the link local reduces
>its usefulness.

	i really would like to keep it usable globally (= do not limit
	it to link-local only).  we use the protocol to query name of
	intermediate routers, which is several hops away, for debugging

>If its not limited to the link local then this protocol should probably
>be filtered at the edge of the administrative domain.

	it is up to administrator of the domain, therefore i think
	recommendation like "SHOULD filter" is too strong.  how about
	"may want to filter" or something like that?

IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to majordomo@sunroof.eng.sun.com