nanog mailing list archives

Re: Should routers send redirects by default?


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Fri, 20 Aug 2010 17:56:51 +0000


On Aug 21, 2010, at 12:20 AM, Christopher Morrow wrote:

 o routers are required to be able to send redirect messages
 o routers should NOT do this by default

I concur with this position from an opsec standpoint; at the same time, I don't know that *mandating* a default 
configuration setting for a legal (if largely iatrogenic) mode of operation is something that the IETF should be doing.

Here's an alternate formulation which gets the point across, but doesn't stray into the area of :

1.      Routers are required to be able to send redirect messages.

2.      It is recommended that routers should NOT do this by default.

As was mentioned somewhere in the 6man thread, the root of the problem has to do with the ugliness of IPv6 in general, 
and the whole v6 ICMP/ND mess in particular.  Unfortunately, those ships have long since sailed; while it's tempting to 
try and retrofit fixes for poor design decisions in the fundamental protocol specifications by mandating sane 
implementation defaults in conformance documents, a recommendation rather than a mandate seems more 
situationally-appropriate in this context.  

The 'right way' to fix this problem, impractical though it may be, is in fact to go back and fix the protocol 
specifications; since that isn't going to happen, making recommendations gets the point across without being 
overbearing.

YMMV, of course.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken




