RE: IPv6 w.g. Last Call on "IPv6 Node Information Queries"



Itojun writes (in response to Michael Hunter):

> >This looks like a strong draft.  Several issues exist though.
> >
> >1) There is no mention of RFC 3041 (privacy enhanced) addresses.  Both
> >the issue as to if they should be responded with and if they should be
> >responded to needs to be addressed.
> 
> 	just FYI from implementation POV: KAME implementation does not
> 	include RFC3041 addresses in the response by default.  there's a
> 	configuration flag bit which makes the responder include RFC3041
> 	addresses as well.
> 
> 	i guess that sensible default would be not to include RFC3041
> 	addresses.

Unless you have a way to generate a temporary name for a temporary 
address (e.g. one automatically generated from the address).
 
> >2) The security model is unclear as to the scope of responses.  There
> >is a sentence in the "Security Consideration" section which states the
> >implementation should have a default configuration which refuses to
> >respond to global scope addresses.
> >
> >If this means that the protocol should be limited to link local
> >addresses that should be stated directly.  Use of a 1 Hop Limit or 255
> >Hop Limit with check would enforce this (see LLMNR for example and
> >reasons).  I think limiting the protocol to the link local reduces
> >its usefulness.
> 
> 	i really would like to keep it usable globally (= do not limit
> 	it to link-local only).  we use the protocol to query the name of
> 	intermediate routers, which are several hops away, for debugging
> 	purposes.

I agree with itojun here.

> >If it's not limited to the link local then this protocol should probably
> >be filtered at the edge of the administrative domain.
> 
> 	it is up to the administrator of the domain, therefore i think
> 	recommendation like "SHOULD filter" is too strong.  how about
> 	"may want to filter" or something like that?

I agree here too.

-Dave
 
> itojun
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page:                      http://playground.sun.com/ipng
> FTP archive:                      ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to majordomo@sunroof.eng.sun.com
> --------------------------------------------------------------------
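
The responder-side choices debated in this thread, modelled as an added example (not code from KAME, the draft, or any poster). The `Policy` fields, function names and sample addresses are hypothetical; "global scope" is simplified to "source is not link-local", and the temporary flag is assumed to come from the stack, since an RFC 3041 address cannot be recognised from its bits.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:                        # hypothetical knobs, named for this example
    include_temporary: bool = False  # default discussed above: omit RFC 3041 addresses
    answer_global: bool = False      # draft default: refuse queriers beyond the link
    require_hlim_255: bool = False   # "255 Hop Limit with check" (link-only enforcement)

@dataclass
class LocalAddr:
    addr: str
    temporary: bool                  # tracked by the stack, not derivable from the address

def should_answer(policy: Policy, src: str, hop_limit: int) -> bool:
    """Decide whether to answer a Node Information Query from src."""
    # A sender on the link sets hop limit 255; every router decrements it,
    # so any other value proves the packet was forwarded at least once.
    if policy.require_hlim_255 and hop_limit != 255:
        return False
    if ipaddress.IPv6Address(src).is_link_local:
        return True
    return policy.answer_global

def addresses_to_report(policy: Policy, addrs: list) -> list:
    """Addresses placed in a reply; temporary ones only if the flag is set."""
    return [a.addr for a in addrs if policy.include_temporary or not a.temporary]

# Constructed sample data (documentation prefix 2001:db8::/32).
ADDRS = [LocalAddr("2001:db8::10", temporary=False),
         LocalAddr("2001:db8::a1b2:c3d4:e5f6:789", temporary=True)]

if __name__ == "__main__":
    cases = [("defaults", Policy()),
             ("global allowed (router debugging)", Policy(answer_global=True)),
             ("link-only via hop limit", Policy(answer_global=True, require_hlim_255=True))]
    for name, p in cases:
        # Same remote query in each case: global source, arrived with hop limit 60.
        print(name, should_answer(p, "2001:db8:1::99", 60), addresses_to_report(p, ADDRS))
```

The third case shows the trade-off raised in the thread: once the hop limit check is on, the several-hops-away router query is dropped even though global queriers are nominally allowed.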
