> >> my suggestion is to leave it SHOULD.
> >you didn't justify why. makes no sense on an unprotected network.
>
> i did. you did not quote my previous line.
>
> >> agree completely. if you allow enemy to be on-link you are dead.
> >> my suggestion is to leave it SHOULD.
>
> this is just like physical security; if you allow people to enter
> computer room, security mechanisms are pretty moot as bad guys can
> use sledge hammer to break the computer.

Well, there are many networks that are open to the general public, for
example wifi networks at airports. It is true that a bad guy on-link can
do a lot of harm, some of which can be alleviated by SEND. However, most
other attacks require a constant stream of packets, and increase the
risk that the attack will be detected and traced. The recommendation to
turn off the interface amplifies the powers of this bad guy: they can
kick someone off the network with a single packet.

In short, just because someone broke in, there is no reason to hand her
a sledge hammer.

-- Christian Huitema

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------