メインコンテンツまでスキップ

6. Security Considerations

この節では SRH AltMark TLV experiment の RFC テキストを保持し, Alternate-Marking Method, SRv6, SRH, FlowMonID, L and D flags, NH, enhanced fields, controlled-domain requirements, security, IANA considerations を扱う.

RFC 原文

6.  Security Considerations

The security considerations of SRv6 are discussed in [RFC8754] and
[RFC8986], and the security considerations of Alternate Marking in
general and its application to IPv6 are discussed in [RFC9341] and
[RFC9343].

[RFC9343] analyzes different security concerns and related solutions.
These aspects are valid and applicable also to this document. In
particular, the fundamental security requirement is that Alternate
Marking MUST only be applied in a limited domain, as also mentioned
in [RFC8799] and Section 2.1.

Alternate Marking is a feature applied to a trusted domain, where a
single operator decides on leveraging and configuring Alternate
Marking according to their needs. Additionally, operators need to
properly secure the Alternate-Marking domain to avoid malicious
configuration and attacks, which could include injecting malicious
packets into a domain. Therefore, the implementation of Alternate
Marking is applied within a controlled domain where the network nodes
are locally administered and where packets containing the AltMark TLV
are prevented from entering or leaving the domain. A limited
administrative domain provides the network administrator with the
means to select, monitor, and control the access to the network.