Sorry, I should have said NDP options and not ICMPv6 options.

Roque.

On Jun 10, 2010, at 11:15 AM, Roque Gagliano wrote:

> Hi Tim,
>
>> We could add text about this. That would involve some mention of the problem in Section 1 (introduction), perhaps a brief discussion as an extra point in Section 5, and adding the mitigation mentioned in draft-ietf-6man-dns-options-bis-02 of disabling the host from processing DNS options in the RA (assuming the host implementation supports that of course, which isn't a MUST in the draft as far as I can see). Other than that, I think the text in the draft about rogue RA 'badness' is generic enough to cover bad DNS information. I'm happy to work with Stig on such text if it's deemed useful, and won't hold up publication too much more.
>>
>> I note that draft-ietf-6man-dns-options-bis-02, which passed 6man WG last call, makes no reference to the rogue RA draft in its own security discussion, and also no mention of RA Guard.
>>
>
> Why would the dns-option be different from any other ICMPv6 option in this draft context? I would keep the text generic on reference to ICMP options.
>
> Roque
>
>> Tim
>