RE: Comments on draft-jinmei-ipv6-rfc2462bis-00.txt
> >> my suggestion is to leave it SHOULD.
> >you didn't justify why. makes no sense on an unprotected network.
>
> i did. you did not quote my previous line.
>
> >> agree completely. if you allow enemy to be on-link you are dead.
> >> my suggestion is to leave it SHOULD.
>
> this is just like physical security; if you allow people to enter
> computer room, security mechanisms are pretty moot as bad guys can
> use sledge hammer to break the computer.
Well, there are many networks that are open to the general public, for
example wifi networks at airports.
It is true that a bad guy on-link can do a lot of harm, some of which
can be alleviated by SEND. However, most other attacks require a
constant stream of packets, and increase the risk that the attack will
be detected and traced. The recommendation to turn off the interface
amplifies the powers of this bad guy: they can kick someone off the
network with a single packet. In short, just because someone broke in,
there is no reason to hand her a sledge hammer.
-- Christian Huitema
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.