Perry Harrington wrote:
>
> I don't think the behavior should change because of DSR.  DSR is more useful
> than 'rightness' in my opinion.  A switch to turn it off if you don't want it is
> something I'd advocate, but the default should be 'on'.

The FreeBSD guys are making the behaviour switchable with a sysctl, I
believe. However, the default position should clearly be strong, not
weak - people who want weak are rare and really ought to know what
they're doing. POLA dictates that "internal" routing should not occur
when routing is disabled. Further, there's no circumstance I can think
of where it makes sense to route 127/8 from an external interface! That
behaviour should not be switchable.

Cheers,

Ben.

>
> --Perry
>
> On Mon, Mar 05, 2001 at 06:18:33PM -0800, [EMAIL PROTECTED] wrote:
> > On Mon, 5 Mar 2001, Perry Harrington wrote:
> >
> > > In short, yes security through obscurity is dumb, but calling for people to change
> > > this functionality is unwarranted when machines can be firewalled.
> > >
> >
> >
> > Actually to me this sounds more like an excuse NOT to fix the problem
> > simply because it's "industry standard".
> >
> > Sometimes standards need to be looked at and revamped. In this case it's
> > one that would affect the industry as a whole. Are you calling for
> > advisories only simply because the workload would be tremendous or because
> > you truly believe that fixing this would affect nothing?
> >
> >
> > ---
> > David D.W. Downey - RHCE
> > Consulting Engineer
> > Ensim Corporation
> > [EMAIL PROTECTED]
> >
> >
>
> --
> Perry Harrington                 Director of                   zelur xuniL  ()
> perry at webcom dot com      System Architecture               Think Blue.  /\
>

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

ApacheCon 2001! http://ApacheCon.com/
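
Added example, not part of the original message and not any kernel's code: a small model of the accept decision being argued over, for a host with forwarding disabled. The interface names and addresses are constructed, and `accept_inbound` and its `strong` flag are hypothetical names; the 127/8 check is applied in both modes, as the reply above argues it should be.

```python
import ipaddress

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed host configuration: interface name -> addresses bound to it.
HOST_ADDRS = {
    "lo":   ["127.0.0.1", "192.0.2.10"],  # 192.0.2.10 is an alias held on loopback
    "eth0": ["198.51.100.5"],
    "eth1": ["10.0.0.5"],
}

def accept_inbound(in_iface, src, dst, strong=True, addrs=HOST_ADDRS):
    """Return (accepted, reason) for a packet arriving on in_iface."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)

    # 127/8 has no business on the wire: refused in both models, not switchable.
    if in_iface != "lo" and (src_ip in LOOPBACK_NET or dst_ip in LOOPBACK_NET):
        return False, "loopback address on external interface"

    # Which interfaces own the destination address?
    owners = [name for name, bound in addrs.items()
              if any(ipaddress.ip_address(a) == dst_ip for a in bound)]
    if dst_ip in LOOPBACK_NET and "lo" not in owners:
        owners.append("lo")  # the whole 127/8 block is local to loopback
    if not owners:
        return False, "not a local address"

    # Strong model: the address must belong to the receiving interface.
    # Weak model: any local address is accepted on any interface.
    if strong and in_iface not in owners:
        return False, "destination belongs to " + owners[0]
    return True, "delivered"

if __name__ == "__main__":
    # Constructed packets: (arrival interface, source, destination).
    samples = [
        ("eth0", "203.0.113.7", "198.51.100.5"),
        ("eth0", "203.0.113.7", "10.0.0.5"),
        ("eth0", "203.0.113.7", "192.0.2.10"),
        ("eth0", "203.0.113.7", "127.0.0.1"),
    ]
    for pkt in samples:
        print(pkt, "weak:", accept_inbound(*pkt, strong=False),
              "strong:", accept_inbound(*pkt, strong=True))
```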
