Christian,

> The section "5.4.5 When Duplicate Address Detection Fails" currently
> says:
>
> A tentative address that is determined to be a duplicate as described
> above, MUST NOT be assigned to an interface and the node SHOULD log a
> system management error. If the address is a link-local address
> formed from an interface identifier, the interface SHOULD be
> disabled.
>
> The part about disabling the interface enables a DOS attack: wait for a
> target to come on line and send a DAD packet, reply with a deliberate
> collision, and poof the target is disconnected from the network.
>
> Proposed resolution: write "MAY be disabled" instead.

I strongly agree, for the reasons you give.

John
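
A defender's view of the collision pattern discussed in this thread, as an added example that is not part of the original messages: it scans neighbor-discovery events for a link-layer address that contests the DAD probes of several different hosts, which a single genuine duplicate would not do. The event tuple format, the one-second window, the threshold and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

DAD_WINDOW = 1.0  # seconds after a probe in which a reply counts (assumed value)
THRESHOLD = 3     # distinct contested addresses before flagging (assumed value)

# Constructed sample events: (time, icmpv6_kind, src_mac, src_ip, target).
# A DAD probe is a Neighbor Solicitation sent from the unspecified address "::".
EVENTS = [
    (0.00, "NS", "02:00:00:00:00:0a", "::", "fe80::a"),
    (0.05, "NA", "02:00:00:00:00:ee", "fe80::a", "fe80::a"),
    (10.00, "NS", "02:00:00:00:00:0b", "::", "fe80::b"),
    (10.04, "NA", "02:00:00:00:00:ee", "fe80::b", "fe80::b"),
    (20.00, "NS", "02:00:00:00:00:0c", "::", "fe80::c"),
    (20.03, "NS", "02:00:00:00:00:ee", "::", "fe80::c"),       # colliding probe
    (30.00, "NS", "02:00:00:00:00:0d", "::", "fe80::d"),
    (30.20, "NA", "02:00:00:00:00:0f", "fe80::d", "fe80::d"),  # one-off duplicate
    (45.00, "NA", "02:00:00:00:00:0b", "fe80::b", "fe80::b"),  # owner's own NA
]


def contested_targets(events, window=DAD_WINDOW):
    """Map each responder MAC to the tentative addresses it contested."""
    probes = {}               # target -> (time, MAC) of the pending DAD probe
    hits = defaultdict(set)
    for t, kind, mac, src, target in sorted(events):
        pending = probes.get(target)
        live = pending is not None and t - pending[0] <= window
        is_probe = kind == "NS" and src == "::"
        # A collision is an NA, or a second DAD probe, for the same target
        # from a different MAC while the first probe is still pending.
        if live and mac != pending[1] and (kind == "NA" or is_probe):
            hits[mac].add(target)
        if is_probe and not live:
            probes[target] = (t, mac)
    return hits


def suspicious_responders(events, threshold=THRESHOLD):
    """MACs that contested at least `threshold` distinct tentative addresses."""
    hits = contested_targets(events)
    return sorted(mac for mac, targets in hits.items() if len(targets) >= threshold)


if __name__ == "__main__":
    print(suspicious_responders(EVENTS))
```
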
