[e2e] It's all my fault
Jari Arkko
jari.arkko at piuha.net
Sat May 12 10:17:36 PDT 2007
Randy, David,
> it would be considerably more helpful if, instead of ad homina and
> vituperation, you actually spoke to the rh0 security issues and possible
> approaches to mitigation as a technical and engineering problem.
>
Indeed.
Implementors have largely already done the right thing
already earlier or else released patches in recent weeks.
We are also dealing with the removal/disable of RH0 in the
IPv6 WG list discussion. Other parts of the protocol stack
that needed something like routing header have already
years ago been designed to do something safe instead of
RH0.
My advice: if you have something to say about the way
which we should disable RH0, go to the IPv6 list. Or if
you can, apply a patch in your company's products or
networks. Or apply your energy in figuring out what
other vulnerabilities we have in our stacks; there's
plenty of work in this space...
Jari
More information about the end2end-interest
mailing list