Re: IPv6 RH (was Re: SPD issues)
On Mon, 27 Oct 2003, Bill Sommerfeld wrote:
> > I think this is a bad idea. The local admin should use a firewall
> > to restrict traffic with routing headers if needed. He shouldn't
> > use the SPD to do this...
>
> Any code which consults the SPD to do policy enforcement can be
> thought of as a "firewall".
The SPD *is* a firewall. One serious flaw of RFC 2401 was that it did not
make this clear. The 2401bis draft does (section 2.1, second paragraph).
Henry Spencer
henry@spsystems.net