To:
"Michael Richardson" <mcr@sandelman.ottawa.on.ca>, <dnsop@cafax.se>
From:
"BELOEIL Luc FTRD/DMI/CAE" <luc.beloeil@francetelecom.com>
Date:
Thu, 17 Jul 2003 15:05:13 +0200
Sender:
owner-dnsop@cafax.se
Thread-Topic:
TR : Stepping back on the DNS discovery discussion
Subject:
RE : TR : Stepping back on the DNS discovery discussion
Hi Michael,
> -----Original Message-----
> From: Michael Richardson [mailto:mcr@sandelman.ottawa.on.ca]
> Sent: Thursday, 17 July 2003 12:52
> To: dnsop@cafax.se
> Subject: Re: TR : Stepping back on the DNS discovery discussion
>
> >>>>> "Tim" == Tim Chown <tjc@ecs.soton.ac.uk> writes:
> Tim> So where do you draw the boundary between "network device
> Tim> autoconfiguration" and "service discovery". For IPv4, you
> Tim> (manually or via DHCP) configure IPv4 address, netmask, gateway
> Tim> and DNS resolver(s) as the "basic" four components to be able to
> Tim> get up and running. In IPv6, when using stateless
>
> That's all you need *TODAY*.
>
> Given only those things, you are completely insecure.
> Anyone can spoof your MAC address or IP address, anyone can
> feed you bad data, or spoof the MAC of the nexthop router, etc.
>
> If you just want IPv6 to be IPv4-with-bigger-addresses,
> then fine, add DNS info to the RA. But, NATv4 works just as
> well for many people.
>
> While some people feel that the location of the nearest
> print server isn't critical information - it *is* if you run
> a print shop, and I arrive in to print things. In fact, the
> location of the print server might be more important than the
> gateway!!!! It is all in the eye of the beholder.
>
That is a good example where a STATEFUL architecture for autoconfiguration should be required! ;+)
> If you want to be useful, then we need all of the other
> things that we have been doing with DHCPv4 for years to be
> available reliably. This means many other things too.
>
I agree on that but that means MANY things that should be clarified.
> Put the address of the DHCPv6 server in the RA, if you want
> to put anything in the RA. I know that there are ways to
> address it otherwise as well.
>
Funny! ;+)
> ] At IETF57 in Wien, Austria | firewalls [
> ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
> ] printk("Just another Debian GNU/Linux using, kernel hacking, security guy");[
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.