ISP customer assignments

Dan White dwhite at olp.net
Mon Oct 5 21:13:37 UTC 2009


On 05/10/09 16:43 -0400, Ricky Beam wrote:
> [here we go again]
>
> On Mon, 05 Oct 2009 14:37:49 -0400, William Herrin  
> <herrin-nanog at dirtside.com> wrote:
>> Some clever guy figured out that ... why not
>> add an extra 64 bits for that very convenient improvement? This is
>> called "stateless autoconfiguration."
>
> Except that "clever guy" was in fact an idiot blinded by idealism.  Not  
> only did he fail to see the security implications of having a fixed  
> address, but he'd apparently spent his entire life under a rock, on an  

A publicly routeable stateless autoconfigured address is no less
secure than a publicly routeable address assigned by DHCP. Security is, and
should be, handled by other means.

> island, on another planet... he completely ignored the fact that people  
> were using DHCP [formerly known as BOOTP] (and have been now for over a  
> decade) to provide machines with FAR MORE than just an address.  A 

That's what stateless DHCP does.

>> Some even more clever guy figured out that if the first clever guy's
>> strategy is used, it becomes a trivial matter to track someone
>> online... ...
>> stateless autoconfiguration will probably end up being a waste.
>
> It's ALWAYS been a waste.  All these supposed "clever guys" failed to  
> learn from the mistakes that preceded them and have doomed us to repeat  
> them... ICMP router discovery (technology abandoned so long ago, I'd  
> forgotten about it), RARP, bootp, dhcp.  SLAAC loops us back around to 
> the beginning.  Only this time, it's inescapable: I still have to have  
> something on the network spewing RAs for the sole purpose of telling  
> everything to use DHCP instead; there's a hard "class" boundary smack in  
> the middle of a "classless network" because these "clever guys" were lazy 
> and didn't want to figure out ways to avoid address collisions. 

I don't understand. You're saying you have overlapping class boundaries in
your network?

> (something modern IPv6 stacks do by default for privacy -- randomly 
> generated addresses have to be tested for uniqueness.)

-- 
Dan White
BTC Broadband




More information about the NANOG mailing list