[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: simple security
> > And remember, in the typical SLAAC scenario any device that understands RAs
> > will automatically get a global IPv6 address, there is not much you can
> > do about it.
>
> It doesn't have to be that way. Just because the RA contains a
> PIO with A=1 it does not mean that hosts MUST assign themselves an
> address in the prefix. They certainly don't need to assign themselves
> a *persistent* address if they don't offer services in any directories.
> Client-only hosts could restrict themselves to temporary global
> addresses on an as-needed basis.
>
> So, you see, it's perfectly reasonable to say that minidevices that
> assign themselves persistent addresses with SLAAC unnecessarily
> and without being secured properly are in error.
You seem to assume that devices like printers, multi media devices,
light switches, etc. are client-only device that have no need to communicate
unless prompted by the user.
In my experience, most of those devices tend to have server functionality
that is always on.