Re: Re: [ssm] what to say about scoping for v6 [was ...last call...]



On Wed, 12 Mar 2003, Hugh Holbrook wrote:
>   Neither source nor destination address scoping should not be used as
>   a security measure.  In some (many?) currently-deployed IPv6 routers (that 
>   do not conform to [SCOPED-ARCH]), scope boundaries are not applied
>   to the source address.  Such a router may incorrectly forward an 
>   SSM channel (S,G) through a scope boundary for S.
> 
> (Of course this is less likely to happen than one might think at first
> because, when forwarding a join, a router typically does a destination
> lookup on S to figure out the next hop....)
> 
> This is slightly less tautological, I guess.  I'd welcome improvements
> or any alternative text, though.

This is OK by me, but I might propose a slight modification, s/are not 
applied/are not always applied/ (i.e. it's typical to filter out 
link-locals because they're "easy" but it's not an all or nothing issue).

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
ssm mailing list
ssm@ietf.org
https://www1.ietf.org/mailman/listinfo/ssm