In your letter dated Thu, 23 Jun 2011 18:13:31 -0400 you wrote:
>On Jun 23, 2011, at 6:08 PM, Philip Homburg wrote:
>> Ideally, clients use end-to-end crypto to keep themselves secure, but the
>> network still has to be protected against denial of service attacks.
>
>No, strictly speaking the *clients* need to be protected against DoS
>attacks. One way to do this is to strongly control multicast on the
>network. But the network itself cannot suffer from rogue RA
>advertisements: it is other clients on the network that suffer.

You are right if we just limit ourselves to RAs. But my comment was meant to be broader than that. If a malicious client configures a router's MAC address on his ethernet card then it is not the clients' faults if L2 switches route traffic to the wrong port. Same thing if a malicious client uses another client's IP address and the router gets confused.

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------