ietf
[Top] [All Lists]

RE: Problem of blocking ICMP packets

2004-06-16 20:22:15

 "As Figure 5 shows, in many cases no connection was 
established when
 the [IP] Record Route Option or the [IP] Timestamp Option 
was included in 
 the SYN packet.  When IP Option X [a new IP Option; e.g., 
QuickStart]
 is included in the SYN segment, the connection was not established
 to over 70% of the web servers tested.  This does not 
bode well for
 the deployment of new IP options in the Internet."

It implies that mobile IPv6 depndeing on routing header
may not work.

=> This statement is true IFF people assume that 
Record Route Option == Routing header type 2 used for MIPv6.
Of course that is not true because there are security
implications for using routing header type 2 and an
assumption that the end node will verfiy such use. Moreover,
RH type 2 will not impact other nodes behind the FW
if used in a malicious way. All this points to two things:
1. The two are not equivalent, and
2. We need to make sure that network admins know (1). 

Hesham


===========================================================
This email may contain confidential and privileged material for the sole use
 of the intended recipient.  Any review or distribution by others is strictly
 prohibited.  If you are not the intended recipient please contact the sender
 and delete all copies.
===========================================================


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf


<Prev in Thread] Current Thread [Next in Thread>