Hi Kevin,

On Sat, 16 Oct 2010 20:13:22 -0700
"Kevin Oberman" <ober...@es.net> wrote:

> > Date: Sun, 17 Oct 2010 10:24:41 +1030
> > From: Mark Smith
> > <na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org>
> >
> > On Sat, 16 Oct 2010 15:26:54 -0700
> > "Kevin Oberman" <ober...@es.net> wrote:
> >
> > > > Date: Sun, 17 Oct 2010 00:40:41 +1030
> > > > From: Mark Smith
> > > > <na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org>
> > > >
> > > > On Sat, 16 Oct 2010 12:31:22 +0100
> > > > Randy Bush <ra...@psg.com> wrote:
> > > >
> > > > > http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt
> > > > >
> > > >
> > > > Drafts are drafts, and nothing more, aren't they?
> > >
> > > Drafts are drafts. Even most RFCs are RFCs and nothing more.
> >
> > No, drafts are documents that can be submitted by anybody, and can say
> > anything, whereas RFCs have been through an IETF evaluation process.
> >
> > > Only a
> > > handful have ever been designated as "Standards". I hope this becomes
> > > one of those in the hope it will be taken seriously. (It already is by
> > > anyone with a large network running IPv6.)
> > >
> > > The point is to READ the draft arguments and see why /127s are the right
> > > way to address P2P circuits.
> >
> > I suggest you search the v6ops mailing list, as I've read it multiple
> > times, including all revisions, and have pointed out multiple issues
> > with it.
> >
> > > Also, you might note the contributors to the
> > > draft. They are people well known on this list who have real, honest to
> > > goodness operational experience in running networks and really understand
> > > that a /64 on a P2P connection is a serious security problem.
> >
> > As do I. You can see my analysis of the issue, and how I think it
> > should be fixed properly, not mitigated for one type of link at the
> > following URLs.
> >
> > http://www.ops.ietf.org/lists/v6ops/v6ops.2010/msg00543.html
> >
> > http://www.ietf.org/mail-archive/web/ipv6/current/msg12400.html
>
> I don't entirely agree with your arguments, but the approach looks, at
> first glance, to be quite interesting and could quite possibly fix the
> problem. I'll need to digest it a bit better.
>
> Have you or someone else authored a draft on this proposal?

I've started writing one on the nonce solution, as it can be made to
interoperate with existing deployed ND NS/NA mechanisms.

Regards,
Mark.

> In the
> meantime, I still support /127s for P2P links.
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: ober...@es.net Phone: +1 510 486-8634
> Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751