nanog mailing list archives
Re: turning on comcast v6
From: Jeff Kell <jeff-kell () utc edu>
Date: Mon, 30 Dec 2013 21:05:47 -0500
On 12/30/2013 8:16 PM, Leo Bicknell wrote:
There's a reason why there's huge efforts to put RA guard in switches, and do cryptographic RA's.
These are two admissions that the status quo does not work for many folks, but for some reason these two solutions get pushed over a simple DHCP router assignment option. The more disturbing "feature" for those that have been there, done that, debugged the meltdown, and tried to avoid repeating the issue is the growing proliferation of "automatic" discovery/configuration... whether RA / SLAAC / mDNS / Bonjour / uPnP / (the list goes on...). There are too many opportunities for spoofing / MITM / self-propagating "issues". Yes, DHCP is prone to similar issues, but better to focus on "one" service and "one" authoritative source to try to lock down than to try to protect the plethora of growing options to introduce issues from arbitrary sources. But as the market focus appears to continue to try to address the home / SOHO environment of naive users, the "self-configuration" nastiness continues to propagate. It may fit at home / SOHO, but not in the Enterprise, and certainly not in a university environment where you can't be as "restrictive" on a universal basis as you might like to be :( Jeff
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: turning on comcast v6, (continued)
- Re: turning on comcast v6 Ryan Harden (Dec 30)
- Re: turning on comcast v6 Blake Dunlap (Dec 30)
- Re: turning on comcast v6 Lee Howard (Dec 30)
- Re: turning on comcast v6 Victor Kuarsingh (Dec 30)
- Re: turning on comcast v6 Leo Bicknell (Dec 30)
- Re: turning on comcast v6 Victor Kuarsingh (Dec 30)
- Re: turning on comcast v6 Blake Dunlap (Dec 31)
- Re: turning on comcast v6 Leo Bicknell (Dec 30)
- Re: turning on comcast v6 Owen DeLong (Dec 30)
- Re: turning on comcast v6 Leo Bicknell (Dec 30)
- Re: turning on comcast v6 Jeff Kell (Dec 30)
- Re: turning on comcast v6 Baldur Norddahl (Dec 31)
- Re: turning on comcast v6 Josh Hoppes (Dec 31)
- RE: turning on comcast v6 Tony Hain (Dec 31)
- Re: turning on comcast v6 Leo Bicknell (Dec 31)
- Re: turning on comcast v6 Lee Howard (Dec 30)
- Re: turning on comcast v6 Owen DeLong (Dec 30)
- Re: turning on comcast v6 Timothy Morizot (Dec 30)
- Re: turning on comcast v6 Ryan Harden (Dec 31)
- RE: turning on comcast v6 Tony Hain (Dec 31)
- Re: turning on comcast v6 Ryan Harden (Dec 31)