ietf-wg-masque / draft-ietf-masque-connect-ethernet

MASQUE for Ethernet

MAC Address filtering #2

Closed asedeno closed 2 months ago

asedeno commented 7 months ago

At IETF 118, some kind of MAC address filtering was suggested. Perhaps a client will only ever present traffic from a single MAC address, so that should be registered as part of the connection and packets from a different source address should be dropped, possibly terminating the connection.

This could be useful for clients proxying a single user/node, but less so for clients bridging whole networks.

Do we want to support this? If so, how should it be configured?

achernya commented 7 months ago

Perhaps I'm misremembering, but I thought we had some affirmative nods that this could be a future extension?

asedeno commented 2 months ago

If folks want this, I'm not opposed to accepting a PR around it. Otherwise, future extension it is.

mirjak commented 2 months ago

Thanks for closing this issue. I just want to note that this was discussed at IETF-119 and there was agreement to leave this to future extensions. Also I note that we do discuss the risk of arbitrary forwarding in the security considerations. I guess we could add another note that proxies could be configured to limit forwarding to only pre-configured addresses but that any dynamic signalling or negotiation of MAC address filtering is left to future extensions...?
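The filtering discussed in this thread (a registered or pre-configured set of source MAC addresses, with non-matching frames dropped or the connection terminated) could look like the following on the proxy side. This is an added example, not code from the thread or the draft: `SourceMacFilter`, `Verdict`, `parse_mac` and `build_frame` are hypothetical names, the sample addresses are constructed, and it assumes each frame starts at the destination MAC address.

```python
from dataclasses import dataclass, field
from enum import Enum

ETH_HEADER_LEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)


class Verdict(Enum):
    FORWARD = "forward"
    DROP = "drop"
    TERMINATE = "terminate"


def parse_mac(text: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return raw


@dataclass
class SourceMacFilter:
    """Per-connection allowlist of source MACs (hypothetical proxy-side helper)."""
    allowed: frozenset                    # pre-configured source MACs, 6-byte values
    terminate_on_violation: bool = False  # False: drop the frame, True: end the connection
    violations: int = field(default=0, init=False)

    def check(self, frame: bytes) -> Verdict:
        # A frame too short to carry an Ethernet header is never forwarded.
        if len(frame) < ETH_HEADER_LEN:
            return self._reject()
        src = frame[6:12]
        # Extra sanity check: a group (multicast/broadcast) address is not a valid source.
        if src[0] & 0x01 or src not in self.allowed:
            return self._reject()
        return Verdict.FORWARD

    def _reject(self) -> Verdict:
        self.violations += 1
        return Verdict.TERMINATE if self.terminate_on_violation else Verdict.DROP


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Construct a sample untagged Ethernet frame for the demo (constructed data)."""
    return parse_mac(dst) + parse_mac(src) + ethertype.to_bytes(2, "big") + payload


if __name__ == "__main__":
    flt = SourceMacFilter(frozenset({parse_mac("02:00:00:00:00:01")}))
    for src in ("02:00:00:00:00:01", "02:00:00:00:00:99"):
        print(src, flt.check(build_frame("ff:ff:ff:ff:ff:ff", src, 0x0806, b"\x00" * 28)))
```

A client bridging a whole network would need a larger `allowed` set, which is the case the thread notes this kind of filtering serves less well.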