>>> It doesn't. The I-D aims at allowing routers specify which policy they want >>> hosts to employ when generating their IPv6 addresses. >> >> Uh? I definitely don't want to give the router at Starbucks the means to >> specify the privacy configuration of my laptop. >> >> I understand that corporation want to enforce policies so PC and routers are >> easier to manage, but we have to be careful. If we define that policy as >> part of the address configuration standard, then it will apply everywhere, >> not just in the corporate network where the laptop is managed. That seems a >> terrible idea. >> >> If we want policy options to be applied safely, they have to be propagated >> by trusted mechanism, where the host can verify the authority of the policy >> source. Anything else is abuse waiting to happen. > > Please consider this my periodic repetition of support for what Christian is > saying here, along with my periodic repetition of opposition to (further) > modifying RA/SLAAC to do things that DHCP can/does do, or should be doing.
+1 > And to state publicly something that I discussed in private, I'm completely > unsympathetic to the viewpoint that "we need to show to the auditors that we > tried to prevent hosts from doing bad things" in the absence of rigorous > security steps to _actually_ prevent them. +1 Ole -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
