ietf
[Top] [All Lists]

RE: Problem of blocking ICMP packets

2004-06-17 05:39:33

On Wed, Jun 16, 2004 at 11:00:23PM -0400, Soliman Hesham wrote:
 >
 > It implies that mobile IPv6 depndeing on routing header
 > may not work.

=> This statement is true IFF people assume that
Record Route Option == Routing header type 2 used for MIPv6.
Of course that is not true because there are security
implications for using routing header type 2 and an
assumption that the end node will verfiy such use. Moreover,
RH type 2 will not impact other nodes behind the FW
if used in a malicious way. All this points to two things:
1. The two are not equivalent, and
2. We need to make sure that network admins know (1).

But (2) is the same issue with ICMP filtering ! So, I would not trust
admins to tell the difference.

=> No it's not the same... MIPv6 includes e2e security (authentication
and authorisation), I don't see people doing that with ping
or PMTUD. So one could put an argument for filtering some
of the ICMP messages. So far I don't see that as a valid
argument for MIPv6 RH type 2.

Hesham

===========================================================
This email may contain confidential and privileged material for the sole use
 of the intended recipient.  Any review or distribution by others is strictly
 prohibited.  If you are not the intended recipient please contact the sender
 and delete all copies.
===========================================================


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf


<Prev in Thread] Current Thread [Next in Thread>