Re: 6to4 deployement issues - was 6to4 security questions

[Pekka Savola <pekkas@netcore.fi>]

On Fri, 22 Nov 2002, Brian E Carpenter wrote:
> > On Thu, 21 Nov 2002, Jeroen Massar wrote:
> > > > please think that to the end, it will not work without
> > > > re-specification _globally_.
> > > > We don't want to restrict 6to4 to ISPs' walled gardens.
> > >
> > > One ISP can have a trust relation with another ISP and announce
> > > the anycast prefix only to that other ISP so it can make use of it too.
> > > Source address verification should then ofcourse be extended by the
> > > other ISP's. This could be seen as a 'transit' type service, but then
> > > between the v4 and v6 world ;)
> > 
> > How will you send traffic from 2001:dead:beef::1 to 2002:0103:0405::1, if
> > 2001:dead:beef::/48 is not within the trust boundary?
> 
> Wrong question. The question is, does *any* 2002::/16 announcement
> reach dead:beef's ISP? If yes, whichever relay is the origin of
> that announcement will relay the traffic. The 2nd question is whether
> that particular relay is trusted by 0103:0405's 6to4 router.

Exactly.  In Jeroen's model, I believe, the particular relay would 
particully never be trusted.

Any such model model is broken.

6to4 routers do not have any ways of knowing where traffic will be coming 
from, so discarding packets because they didn't come from your two 
favourite relays is *wrong*.

Propagating more specific routes etc. avoids this problem as you have only 
one "home" relay.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords