Hi, On Thu, Feb 24, 2022 at 06:11:59PM +0000, Vasilenko Eduard via ipv6-wg wrote:
Eh. So, you might want to consider not deploying insecure technology (SRv6) that has very obvious security problems, as has been pointed out on the various IETF lists, or misusing address space for something it is not meant for.
The next solution in the same draft https://datatracker.ietf.org/doc/html/draft-ietf-spring-srv6-srh-compression... does not have the same problem. It has just one copy of the prefix in the destination address. Hence, it could be any length (even bigger the /64).
Much better wrt address consumption, but still SR6 has unsolved security problems. As a consequence, SR6 can only be deployed if your network is fully disconnected from everyone else (including possibly untrusted customers) - and if you have that, it does not really matter what addresses you use. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279