Jun-ichiro itojun Hagino wrote:

Well, there are many networks that are open to the general public, for
example wifi networks at airports.


It is true that a bad guy on-link can do a lot of harm, some of which
can be alleviated by SEND. However, most other attacks require a
constant stream of packets, and increase the risk that the attack will
be detected and traced. The recommendation to turn off the interface
amplifies the powers of this bad guy: they can kick someone off the
network with a single packet. In short, just because someone broke in,
there is no reason to hand her a sledge hammer.


but then, if we change it to MAY, what is the point in running DAD
process? if you do not disable interface (or the address on the
interface) the owner of the same address will get confused,
peers of the address get confused, you will do bad things to the
original owner of the address.



I see disabling the interface and disabling the address on the interface as two separate actions.

So, I agree that the interface MAY be disabled.

Brian


--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
