[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPv6 Confusion
Dale W. Carder wrote:
>
> On Feb 18, 2009, at 3:00 PM, Nathan Ward wrote:
>> On 19/02/2009, at 9:53 AM, Leo Bicknell wrote:
>>>
>>> Let me repeat, none of these solutions are secure. The IPv4/DHCP model
>>> is ROBUST, the RA/DHCPv6 model is NOT.
>>
>> The point I am making is that the solution is still the same -
>> filtering in ethernet devices.
>>
>> Perhaps there needs to be something written about detailed
>> requirements for this so that people have something to point their
>> switch/etc. vendors at when asking for compliance. I will write this
>> up in the next day or two. I guess IETF is the right forum for
>> publication of that.
>>
>> Is there something like this already that anyone knows of?
>
>
> http://tools.ietf.org/id/draft-chown-v6ops-rogue-ra-02.txt
>
> This is the last message I recall seeing in v6ops about it:
>
> "It seems to me that the L2 devices are welcome to perform
> whatever filtering they like regardless of any documents
> that might come from the IETF. Therefore, I'd like to see
> more pros/cons on this."
> http://ops.ietf.org/lists/v6ops/v6ops.2008/msg01733.html
There is also:
http://tools.ietf.org/html/draft-vandevelde-v6ops-ra-guard-01
> Cheers,
> Dale
>