[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simple security

To: Mark Townsley <townsley@cisco.com>
Subject: Re: simple security
From: Philip Homburg <pch-v6ops@u-1.phicoh.com>
Date: Wed, 24 Mar 2010 15:56:48 +0100
Cc: v6ops@ops.ietf.org
In-reply-to: Your message of "Wed, 24 Mar 2010 15:17:30 +0100 ." <4BAA1EFA.60108@cisco.com>
References: <001501caca91$769511b0$63bf3510$@org> <4BA9F465.8060608@cisco.com> <m1NuQa9-0001dlC@stereo.hq.phicoh.net> <4BAA1EFA.60108@cisco.com>

In your letter dated Wed, 24 Mar 2010 15:17:30 +0100 you wrote:
>If any of these devices get a global IPv6 address, I think they should 
>be expected to operate on the Global IPv6 Internet in a secure manner. 

I don't think anyone in the security community would find it reasonable
to expect all devices with global IPv6 address to operate in a secure manner.

There is more than enough evidence to suggest that in practice it will be
exactly the opposite.

And remember, in the typical SLAAC scenario any device that understands RAs
will automatically get a global IPv6 address, there is not much you can
do about it.

Follow-Ups:
- Re: simple security
  - From: james woodyatt <jhw@apple.com>
- Re: simple security
  - From: Mark Townsley <townsley@cisco.com>

References:
- simple security
  - From: "Lee Howard" <lee@asgard.org>
- Re: simple security
  - From: Mark Townsley <townsley@cisco.com>
- Re: simple security
  - From: Philip Homburg <pch-v6ops@u-1.phicoh.com>
- Re: simple security
  - From: Mark Townsley <townsley@cisco.com>

Prev by Date: Re: On filibusters as a mode of technical discussion
Next by Date: Re: simple security
Previous by thread: Re: simple security
Next by thread: Re: simple security
Index(es):
- Date
- Thread