IPv6 RA vs DHCPv6 - The chosen one?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Dec 23 14:44:30 CST 2011


On Fri, 23 Dec 2011 21:06:26 +0100, Tomas Podermanski said:
> On 12/23/11 4:33 AM, Owen DeLong wrote:
> > If there is actual real world demand for it, it will get implemented.
> > Reality is that today, DHCPv4 has been running just as insecure for many years
> > and nobody cares. I don't know why the bar for IPv6 should be so much higher
> > than IPv4.

> I can not agree with that. Many operators having customers into a shared
> segment and uses security features I mentioned before ( again DHCP
> snooping, ARP protection, source address validation).

Hate to inject some reality here - but Owen is totally correct here. That's all
stuff you do *because DHCPv4 is an insecure protocol*.  And a *lot* of places
don't do all that added security on the IPv4 side because it's not part of their
threat model, and probably don't want it on the IPv6 side for the same exact
reasons.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20111223/a186a9b6/attachment.bin>


More information about the NANOG mailing list