[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: simple security
On Mar 24, 2010, at 07:56, Philip Homburg wrote:
> And remember, in the typical SLAAC scenario any device that understands RAs
> will automatically get a global IPv6 address, there is not much you can
> do about it.
It doesn't have to be that way. Just because the RA contains a PIO with A=1 it does not mean that hosts MUST assign themselves an address in the prefix. They certainly don't need to assign themselves a *persistent* address if they don't offer services in any directories. Client-only hosts could restrict themselves to temporary global addresses on an as-needed basis.
So, you see, it's perfectly reasonable to say that minidevices that assign themselves persistent addresses with SLAAC unnecessarily and without being secured properly are in error.
james woodyatt <email@example.com>
member of technical staff, communications engineering