

To: dnsop@cafax.se
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Thu, 17 Jul 2003 12:51:59 +0200
In-reply-to: Your message of "Wed, 16 Jul 2003 18:04:20 BST." <20030716170420.GH3731@login.ecs.soton.ac.uk>
Sender: owner-dnsop@cafax.se
Subject: Re: TR : Stepping back on the DNS discovery discussion



>>>>> "Tim" == Tim Chown <tjc@ecs.soton.ac.uk> writes:
    Tim> So where do you draw the boundary between "network device
    Tim> autoconfiguration" and "service discovery".  For IPv4, you (manually
    Tim> or via DHCP) configure IPv4 address, netmask, gateway and DNS
    Tim> resolver(s) as the "basic" four components to be able to get up and
    Tim> running.  In IPv6, when using stateless

  That's all you need *TODAY*.

  Given only those things, you are completely insecure. Anyone can spoof
your MAC address or IP address, anyone can feed you bad data, or spoof the
MAC of the nexthop router, etc.

  If you just want IPv6 to be IPv4-with-bigger-addresses, then fine, add
DNS info to the RA. But, NATv4 works just as well for many people.

  While some people feel that the location of the nearest print server isn't
critical information - it *is* if you run a print shop, and I arrive in
to print things. In fact, the location of the print server might be more
important than the gateway!!!! It is all in the eye of the beholder.

  If you want to be useful, then we need all of the other things that we
have been doing with DHCPv4 for years to be available reliably. This means
many other things too.

  Put the address of the DHCPv6 server in the RA, if you want to put anything
in the RA. I know that there are ways to address it otherwise as well.

]                   At IETF57 in Wien, Austria                  |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] printk("Just another Debian GNU/Linux using, kernel hacking, security guy");[




