On 19/02/2009, at 9:22 AM, Owen DeLong wrote:
There are also a number of security issues available in the "Just
trust some
unsolicited broadcast about where to send all your network traffic."
approach
to host bootstrapping that bother some people.
So, those people don't use DHCP in IPv4 if this is a concern, so I'm
guessing they are not hoping to use DHCPv6 either.
Static configuration of IP addressing information and other
configuration will work just fine for them.
I wonder, do they use ARP?
The things you are talking about are about protecting against
misconfiguration, not about protecting against malicious people.
We can argue all you want about how pathological these cases are, but,
the fact remains that trusting some unsolicited broadcast from a
device
claiming to be a router as your starting point isn't viable in a
number of
real world installations and an alternative needs to be made
available.
Of course, better support and vendor implementation of all the
different options would be nice.
Sure, but, so would DHCP functionality equivalent to what we have in
IPv4.
If you want SLAAC or RA or whatever, more power to you. Some
installations
do not. They want DHCP equivalent functionality with the same
security model.
SLAAC and DHCPv6 do not have different security models in the "host
trusting the network" area. In terms of "network trusting the host",
there is a bit I suppose, assuming you trust whatever MAC address and
client identifier the host uses.
Most networks have broadcast controls that are mostly vendor
specific hacks. Now they'll have multicast controls, which is good
to have anyways.
This assumes a lot, but, even if it's true, it doesn't change the
fact that some
organizations like the existing DHCP model and there's no reason not
to
provide equivalent functionality in IPv6.
I would agree, if we did not have SLAAC.
RA is needed to tell hosts which of SLAAC and DHCPv6 to use though.
Perhaps a solution here is a DHCPv6 option that says "do not listen to
RAs any more", so that once a host is on a network and has an address
from DHCPv6, it does not get affected by devices sending rogue RAs.
Perhaps there is an additional option that says "send an RS message
and listen to RA when your renewing your DHCPv6 lease" to allow
transition from DHCPv6 to SLAAC if the network wants to do that.
That way, we get DHCPv6 vs. SLAAC selection when a host connects to
the network without having to manually configure, and we get "IPv4
DHCP"-like behaviour.
--
Nathan Ward