Re: New (-02) version of IPv6 CPE Router draft is available for review





On 7/23/08 4:26 AM, "EricLKlein@softhome.net" <EricLKlein@softhome.net>
wrote:

> The problem with addressing this problem with a service discovery protocol
> is that it will not meet the requirement of what to do when the router is
> the only service and is in need of initial configuration. In the past Cisco
> mandated that the console port was the way to do this while others have gone
> for a direct connect USB, but in a wireless situation there is no physical
> port to connect to while configuring the CPE.
> 
> So unless you want to replace a "well known IP address" with a "well known
> ULA" then we need to find another solution. Or are you proposing that we
> make the discovery protocol enable a "find and configure CPE/router" option?
> If so I have a problem with the security implications of such a wide open
> configuration requirement.

Eric,

From a security perspective, what is the difference between:

A) a router listening on 10.0.0.1 and allocating DHCPv4 addresses in a similar
range, asking people to configure it using http://[10.0.0.1]
B) the same thing using link local address, with the router being configured
using fe80::1 and asking people to configure it using http://[fe80::1]
C) the same replacing link local by ULA
D) having the router advertising itself as a router using a service
discovery protocol a la Apple Bonjour?


In all those cases, a 'bad guy' can easily impersonate the router.

  - Alain.