[ipv6hackers] IPv6 security presentation at Hack.lu 2011
fgont at si6networks.com
Tue Sep 27 16:17:38 CEST 2011
On 09/27/2011 05:31 AM, Enno Rey wrote:
> nope. as DHCPv6 does (currently, and the respective IETF draft was
> discarded after v01) _not_ allow the distribution of a default
> router. so a node just configured by means of DHCPv6 only will not be
> able to communicate outside its local-link space. [which can be a
> desired state, security-wise, but will probably seldom be desirable
> functionality-wise ;-)]
I don't recall of the top of my head what was the rationale for
producing the standards this way, but at least in principle it looks
Yeas ago, you couldn't rely *only* on SLAAC, since it didn't yet support
the RDNSS option (which is vital in most network deployments) -- even
with RDNSS now *specified*, it is still not widely deployed, and hence
you cannot rely on SLAAC alone.
OTOH, you cannot rely on DHCPv6 alone if you cannot get a default route
This basically means you must support both, even if you only need very
little of one of them.
Not very much following the KISS principle...
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
More information about the Ipv6hackers