To:
"Michael Richardson" <mcr@sandelman.ottawa.on.ca>, <dnsop@cafax.se>
From:
"BELOEIL Luc FTRD/DMI/CAE" <luc.beloeil@francetelecom.com>
Date:
Thu, 17 Jul 2003 15:05:13 +0200
content-class:
urn:content-classes:message
Sender:
owner-dnsop@cafax.se
Thread-Index:
AcNMX1uM9Mw8gKcATeK/vxKMthR0gQABEteQ
Thread-Topic:
TR : Stepping back on the DNS discovery discussion
Subject:
RE : TR : Stepping back on the DNS discovery discussion
Hi Michael, > -----Message d'origine----- > De : Michael Richardson [mailto:mcr@sandelman.ottawa.on.ca] > Envoyé : jeudi 17 juillet 2003 12:52 > À : dnsop@cafax.se > Objet : Re: TR : Stepping back on the DNS discovery discussion > > > -----BEGIN PGP SIGNED MESSAGE----- > > > >>>>> "Tim" == Tim Chown <tjc@ecs.soton.ac.uk> writes: > Tim> So where do you draw the boundary between "network device > Tim> autoconfiguration" > Tim> and "service discovery". For IPv4, you (manually > or via DHCP) > Tim> configure > Tim> IPv4 address, netmask, gateway and DNS resolver(s) > as the "basic" > Tim> four components to be able to get up and running. > In IPv6, when > Tim> using stateless > > That's all you need *TODAY*. > > Given only those things, you are completely insecure. > Anyone can spoof your MAC address or IP address, anyone can > feed to bad data, or spoof the MAC of the nexthop router, etc. > > If you just want IPv6 to be IPv4-with-bigger-addresses, > then fine, add DNS info to the RA. But, NATv4 works just as > well for many people. > > While some people feel that the location of the nearest > print server isn't critical information - it *is* if you run > a print shop, and I arrive in to print things. In fact, the > location of the print server might be more important than the > gateway!!!! It is all in the eye of the beholder. > That is a good example where a STATEFULL architecture for autoconfiguration should be required! ;+) > If you want to be useful, then we need all of the other > things that we have been doing with DHCPv4 for years to be > available reliably. This means many other things too. > I agree on that but that means MANY things that should be clarified. > Put the address of the DHCPv6 server in the RA, if you want > to put anything in the RA. I know that there are ways to > address it otherwise as well. > Funny! ;+) > ] At IETF57 in Wien, Austria > | firewalls [ > ] Michael Richardson, Sandelman Software Works, Ottawa, ON > |net architect[ > ] mcr@sandelman.ottawa.on.ca > http://www.sandelman.ottawa.on.ca/ |device > driver[ ] > printk("Just another Debian GNU/Linux using, kernel hacking, > security guy");[ > > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.7 (GNU/Linux) > Comment: Finger me for keys > > iQCVAwUBPxZ/zoqHRg3pndX9AQGZ2QQAgUD6f2fgKwnVRP+RJoBTrVf1EXtwMEw2 > sEZLfj1ucMCKumCtQJgNq5gTTiAJo7waYAezaY6fPgzWISmV9eWlUuVKqIj3Dus6 > rrbWy0uZF80PtR935bVyZAw8QKIWzofD4c8eACz4AnH/GX5XWYacLuin4NZ0Z30Z > Fkpbhscz+BU= > =umqV > -----END PGP SIGNATURE----- > #------------------------------------------------------------- > --------- > # To unsubscribe, send a message to <dnsop-request@cafax.se>. > #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.