Hello, Brian.

As I presented at the last IETF 6MAN meeting, our draft aims to provide automatic revocation of DHCPv6 clients in case that invocation of clients can be done in accordance with the RFC2462. Thus, the requirement of our security model is that we should not introduce additional threats to the existing specification and implementations. Since per-interface state variables are managed through the timer-based algorithm proposed in the draft, illegal RA messages cannot stop clients as long as legal RA messages advertise the availability of DHCPv6 service.

Also, we proposed two options when state variables are invalidated:

1) DHCPv6 client may refer to state variables to decide whether it should keep its operation or not only after all bindings (leases) expire.
2) DHCPv6 client may be stopped immediately at the transition of variables from 1 to 0.

With the first option, the client can keep its operation even if state variables will be changed to 0 since legal RA messages are absent within lifetimes for any reason.

> It would seem quite dangerous to enable/disable DHCPv6 clients
> arbitrarily based on bit settings in un-protected RA messages.

I agree with your point. We do not have any security methods and just consider using the SEND.

Regards,
Joseph

------- Original Message -------
Sender : Brian Haberman<[EMAIL PROTECTED]>
Date : 2008-10-08 04:20 (GMT+09:00)
Title : Re: Request for Advices on the draft "draft-cha-ipv6-ra-mo-00.txt"

Joseph,

Do you have a particular security model in mind for giving Router Advertisements the power to control software functionality on each node? It would seem quite dangerous to enable/disable DHCPv6 clients arbitrarily based on bit settings in un-protected RA messages.

Regards,
Brian

HYUN WOOK CHA wrote:
> Hello, Ted.
>
> That's correct. I believe that the ability to stop DHCP clients using
> M/O bits in RA is required once they were invoked by M/O bits in RA.
>
>
> Joseph
>
> ------- Original Message -------
> Sender : Ted Lemon<[EMAIL PROTECTED]>
> Date : 2008-09-30 09:36 (GMT+09:00)
> Title : Re: Request for Advices on the draft
> "draft-cha-ipv6-ra-mo-00.txt"
>
> Joseph, to summarize, it sounds like you believe that the ability to
> stop DHCP clients broadcasting on a link is a requirement. And you
> therefore think that deprecating the M&O bits is not the right
> answer. Is that correct?
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------