[6bone] Is minimum allocation /64 now?

Pekka Savola pekkas@netcore.fi
Fri, 24 Oct 2003 19:13:11 +0300 (EEST)

Previous message: [6bone] Is minimum allocation /64 now?
Next message: [6bone] Is minimum allocation /64 now?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 24 Oct 2003, Jørgen Hovland wrote:
> In some scenarios, we use /127 or /128 on p2p-links (the transport
> layer/protocol is irrelevant) because we do not want other third parties to
> communicate by grabbing an availible IP, or we do not want the other second
> party to be able to use more than 1 IP. This is a security concern we
> consider important. Does this mean that we have to use IP-filters in the
> future to setup p2p-links if the standard becomes /64 ?

First, I'm not sure if I see the threat you raise?  Could you describe the 
threat model a bit?  Are you deploying a p2p link towards an untrusted 
medium or a customer, and you'd be worried that someone from that link or 
the customer itself would use more than one IP?

Use of /128 should not have issues I think.. nor the use of filters, which
would probably always be the safest choice when in doubt.

Second, the _standard_ is _already_ /64.  Has been for about ten years
now.  Some folks just ignore it :-)

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Previous message: [6bone] Is minimum allocation /64 now?
Next message: [6bone] Is minimum allocation /64 now?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]