Re: [ssm] what to say about scoping for v6

[Pekka Savola <pekkas@netcore.fi>]

On Wed, 12 Mar 2003, Hitoshi Asaeda wrote:
> >   Note that when forwarding or processing SSM, the scope of both S and G 
> >   may have to be considered [SCOPED-ARCH]; in particular, if the unicast 
> >   scope of S is smaller than respective multicast scope of G, the packets 
> >   might end up forwarded outside of the scope of S.  Therefore, limited 
> >   scopes should be avoided and must not be used as a security mechanism.
> 
> Although I didn't completely follow every mail of this subject, for
> me, it is simple that;
> 
>        an end-node should not request any (S,G) join whose unicast
>        address scope and multicast address scope are not same. If the
>        kernel receives such request, it should discard it. Likewise,
>        if a router receives such join request, it should also discard
>        it.
> 
> Why isn't it reasonable?

What corresponds to organization-local multicast scope?

(seriously, one of the points in this doc was trying to avoid normative 
language on unicast scoping issues, and leave it to the scoped address 
architecture.)

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings


_______________________________________________
ssm mailing list
ssm@ietf.org
https://www1.ietf.org/mailman/listinfo/ssm