nanog mailing list archives

Re: IPv6 RA vs DHCPv6 - The chosen one?


From: Valdis.Kletnieks () vt edu
Date: Fri, 23 Dec 2011 15:44:30 -0500

On Fri, 23 Dec 2011 21:06:26 +0100, Tomas Podermanski said:
> On 12/23/11 4:33 AM, Owen DeLong wrote:
>> If there is actual real world demand for it, it will get implemented.
>> Reality is that today, DHCPv4 has been running just as insecure for many years
>> and nobody cares. I don't know why the bar for IPv6 should be so much higher
>> than IPv4.
>
> I cannot agree with that. Many operators have customers on a shared
> segment and use the security features I mentioned before (again DHCP
> snooping, ARP protection, source address validation).

Hate to inject some reality here - but Owen is totally correct here. That's all
stuff you do *because DHCPv4 is an insecure protocol*.  And a *lot* of places
don't do all that added security on the IPv4 side because it's not part of their
threat model, and probably don't want it on the IPv6 side for the same exact
reasons.
