Florian,
At 11:51 AM 08/11/2004, Florian Weimer wrote:
* Pekka Savola:
> The justification is simple: any "magic" packets which all routers on
> the path must somehow examine and process seems a very dubious concept
> when we want to avoid DoS attacks etc.
Any packet with IP options is more or less in that category right now, so it's a very long way to go.[1] IPv6 seems to make things even worse. 8-(
That's not quite correct. Unlike IPv4, IPv6 has two types of options, hop-by-hop and destination options. The destination options are useful because they are only looked at by the destination host and are not examined by routers. Routers only have to look at the hop-by-hop options, and their presence in the packet is easy to detect. See RFC 2460 for details.
I am not a fan of hop-by-hop options and am sympathetic to Pekka's suggestion, but I don't think it will be possible to prohibit their use. I wouldn't object to discouraging their use and agree we should think very hard about defining any new ones.
Bob
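
The distinction drawn in the reply above, as an added example that is not part of the original message: per RFC 2460 a router can tell from the Next Header byte of the fixed header whether a hop-by-hop header is present, while destination options are found only by walking the chain as the destination host does. The function names and the sample packets are constructed for illustration.

```python
import struct

# Next Header values from RFC 2460
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT = 0, 43, 44, 60, 59
EXT_NAMES = {HOP_BY_HOP: "hop-by-hop", ROUTING: "routing",
             FRAGMENT: "fragment", DEST_OPTS: "destination-options"}


def router_must_inspect(packet: bytes) -> bool:
    """Router-side check: RFC 2460 requires a Hop-by-Hop Options header to
    immediately follow the IPv6 header, so one Next Header byte decides."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    return packet[6] == HOP_BY_HOP


def extension_chain(packet: bytes) -> list:
    """Walk the extension header chain, as the destination host would."""
    router_must_inspect(packet)  # validates length and version
    payload_len = struct.unpack_from("!H", packet, 4)[0]
    end = min(len(packet), 40 + payload_len)
    nxt, off, chain = packet[6], 40, []
    while nxt in EXT_NAMES:
        if off + 8 > end:
            raise ValueError("truncated extension header")
        # Fragment header is a fixed 8 octets; the others carry Hdr Ext Len
        # in 8-octet units, not counting the first 8 octets.
        size = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        if off + size > end:
            raise ValueError("extension header overruns payload")
        chain.append(EXT_NAMES[nxt])
        nxt, off = packet[off], off + size
    return chain


def build(first_next: int, ext: bytes) -> bytes:
    """Constructed sample packet: fixed header, zeroed addresses, ext headers."""
    fixed = struct.pack("!IHBB", 6 << 28, len(ext), first_next, 64)
    return fixed + bytes(32) + ext


# Constructed samples; each option header is 8 octets (PadN fills 6 of them).
PADN = bytes([1, 4, 0, 0, 0, 0])
HBH_PKT = build(HOP_BY_HOP, bytes([NO_NEXT, 0]) + PADN)
DST_PKT = build(DEST_OPTS, bytes([NO_NEXT, 0]) + PADN)
```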