tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: ICMPv6 redirects
On Mon, 7 Sep 2009 19:59:32 -0400 (EDT)
der Mouse <mouse%Rodents-Montreal.ORG@localhost> wrote:
> > I do understand why this is implemented this way. But shouldn't
> > this be tunable?
>
> That depends on the extent to which you agree with the point of view
> that the IPv6 design people know better than you do how your network
> should be set up. I've run into parallel issues myself often enough;
> I've been told everything from I should always use prefixlen 64 to I
> should never do static routing.
>
> I prefer not to drink the koolaid. I work on the "as if" principle:
> if you can't tell from the outside whether I'm doing it, it's not
> appropriate to gratuitously forbid it.
>
> But, of course, I didn't write the code, and if I did write code that
> implements that I, um, doubt it would be accepted, shall we say.
>
In this case, though, there's a security issue, though arguably one
that's not a lot more serious than Neighbor Discovery without SEND.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Home |
Main Index |
Thread Index |
Old Index