Florian,
At 11:51 AM 08/11/2004, Florian Weimer wrote:
> * Pekka Savola:
>
> > The justification is simple: any "magic" packets which all routers on
> > the path must somehow examine and process seems a very dubious concept
> > when we want to avoid DoS attacks etc.
>
> Any packet with IP options is more or less in that category right now,
> so it's a very long way to go.[1] IPv6 seems to make things even
> worse. 8-(

That's not quite correct. Unlike IPv4, IPv6 has two types of options,
hop-by-hop and destination options. The destination options are useful
because they are only looked at by the destination host and are not
examined by routers. Routers only have to look at the hop-by-hop options
and their presence in the packet is easy to detect. See RFC2460 for details.

I am not a fan of hop-by-hop options and am sympathetic to Pekka's
suggestion, but I don't think it will be possible to prohibit their use. I
wouldn't object to discouraging their use and agree we should think very
hard about defining any new ones.
Bob
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
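
The router-side check described in the message above, as an added example that is not part of the original thread: RFC 2460 requires a Hop-by-Hop Options header to immediately follow the fixed IPv6 header, so the fixed header's Next Header byte alone tells a router whether there are options it must examine. The function names and both sample packets are constructed for illustration.

```python
import struct

HOP_BY_HOP = 0         # Next Header value of the Hop-by-Hop Options header
DESTINATION_OPTS = 60  # Next Header value of the Destination Options header
FIXED_HDR_LEN = 40     # the IPv6 fixed header is always 40 bytes

def has_hop_by_hop(packet: bytes) -> bool:
    """The only test a router needs: byte 6 is the fixed header's Next Header."""
    if len(packet) < FIXED_HDR_LEN or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    return packet[6] == HOP_BY_HOP

def hop_by_hop_options(packet: bytes) -> list:
    """Return [(option type, data)] a router must examine, padding skipped."""
    if not has_hop_by_hop(packet):
        return []                      # destination options are never opened here
    ext = packet[FIXED_HDR_LEN:]
    if len(ext) < 8 or len(ext) < (ext[1] + 1) * 8:
        raise ValueError("truncated Hop-by-Hop header")
    end, i, found = (ext[1] + 1) * 8, 2, []
    while i < end:
        if ext[i] == 0:                # Pad1: a single byte, no length field
            i += 1
            continue
        if i + 2 > end or i + 2 + ext[i + 1] > end:
            raise ValueError("option overruns the header")
        opt_type, opt_len = ext[i], ext[i + 1]
        if opt_type != 1:              # PadN (type 1) carries no information
            found.append((opt_type, ext[i + 2:i + 2 + opt_len]))
        i += 2 + opt_len
    return found

def build_packet(next_header: int, payload: bytes) -> bytes:
    """Constructed sample: version 6, hop limit 64, all-zero addresses."""
    fixed = struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64)
    return fixed + bytes(32) + payload

# Constructed samples. 59 = "No Next Header"; option type 5 is Router Alert.
HBH_PACKET = build_packet(HOP_BY_HOP, bytes([59, 0, 5, 2, 0, 0, 1, 0]))
DST_PACKET = build_packet(DESTINATION_OPTS, bytes([59, 0, 1, 4, 0, 0, 0, 0]))

if __name__ == "__main__":
    for name, pkt in (("hop-by-hop", HBH_PACKET), ("destination", DST_PACKET)):
        print(name, has_hop_by_hop(pkt), hop_by_hop_options(pkt))
```

The bounds checks matter on the slow path: a router that trusts the Hdr Ext Len or option length fields without them reads past the header on a malformed packet.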