[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simple security

To: IPv6 Operations <v6ops@ops.ietf.org>
Subject: Re: simple security
From: james woodyatt <jhw@apple.com>
Date: Wed, 24 Mar 2010 10:15:24 -0700
In-reply-to: <m1NuS0m-0001dWC@stereo.hq.phicoh.net>
References: <001501caca91$769511b0$63bf3510$@org> <4BA9F465.8060608@cisco.com> <m1NuQa9-0001dlC@stereo.hq.phicoh.net> <4BAA1EFA.60108@cisco.com> <m1NuS0m-0001dWC@stereo.hq.phicoh.net>

On Mar 24, 2010, at 07:56, Philip Homburg wrote:
> 
> And remember, in the typical SLAAC scenario any device that understands RAs
> will automatically get a global IPv6 address, there is not much you can
> do about it.

It doesn't have to be that way.  Just because the RA contains a PIO with A=1 it does not mean that hosts MUST assign themselves an address in the prefix.  They certainly don't need to assign themselves a *persistent* address if they don't offer services in any directories.  Client-only hosts could restrict themselves to temporary global addresses on an as-needed basis.

So, you see, it's perfectly reasonable to say that minidevices that assign themselves persistent addresses with SLAAC unnecessarily and without being secured properly are in error.

--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

Follow-Ups:
- Re: simple security
  - From: Philip Homburg <pch-v6ops@u-1.phicoh.com>

References:
- simple security
  - From: "Lee Howard" <lee@asgard.org>
- Re: simple security
  - From: Mark Townsley <townsley@cisco.com>
- Re: simple security
  - From: Philip Homburg <pch-v6ops@u-1.phicoh.com>
- Re: simple security
  - From: Mark Townsley <townsley@cisco.com>
- Re: simple security
  - From: Philip Homburg <pch-v6ops@u-1.phicoh.com>

Prev by Date: Re: simple security
Next by Date: Re: simple security
Previous by thread: Re: simple security
Next by thread: Re: simple security
Index(es):
- Date
- Thread