Let me try to explain why I, as an implementor, do not like the M/O bits very much.
It is not that DHCPv6 cannot be made secure, it is that the M/O bits are
an automatic and insecure way to trigger an external configuration mechanism.
So you object to the security level of DHCPv6 rather than that of the M and O bits?
So one could mount an attack fairly easily by introducing a rogue DHCPv6
server on a network that had no DHCPv6 so far and send a fake RA with
the M/O bits on. The host will then configure itself using data coming
from the new rogue DHCPv6 server.
So what is the alternative? If there are no M and O bits, people implementing DHCPv6 will have to perform DHCP *always* so there is no protection against a rogue DHCPv6 server over the situation you describe.
If you want people to enable DHCPv6 manually: ok, no problem. But why would the M and O bits be in the way in that case? Just ignore them.
2462 says "host should invoke the stateful address autoconfiguration protocol"
and not "MUST invoke", so there is already provision for not obeying
the M/O bits. But if those bits are not mandatory to execute, why are they here in the first place?
Maybe because the IETF has no business to tell people in which way they should run their network, but only to provide them guidance on how a certain task can be performed in an interoperable way IF and WHEN the operator decides they want this task to be performed in the first place.
To give a hint that DHCPv6 is present?
Don't you consider this useful?
Hosts should not blindly believe this unless the RAs are secured.
So what kind of bad stuff is going to happen when hosts start querying a rogue DHCPv6 server? I think the main problem is that traffic can be redirected through a rogue router which then has the opportunity to perform man in the middle attacks. However, the rogue system can just as easily perform the same thing using just RAs.
Also, there are no such bits in IPv4, and host implementations that chose to turn DHCPv4 on simply try it. Why is it not good for IPv6?
The difference is that in IPv4 you have the choice between manual configuration and DHCP, so absence of the former implies that the latter must be used. There is no such dichotomy in IPv6: absence of manual address configuration doesn't mean DHCPv6 should be used. IPv6 hosts have enjoyed the benefits of stateless address configuration for years and it's very likely that huge numbers of people running IPv6 networks will never want to run DHCPv6. So requiring hosts to always try DHCPv6 doesn't make any sense.
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
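The scenario discussed in this thread (an RA with the M/O bits set appearing on a link that had no DHCPv6) can be watched for from the defender's side. The following is an added example, not part of the original message or of any implementation mentioned in it: it parses the fixed Router Advertisement header and compares the M/O flags against an operator-recorded baseline. The function names, the baseline format and the sample addresses are assumptions made for illustration.

```python
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement
FLAG_M = 0x80            # "Managed address configuration" bit
FLAG_O = 0x40            # "Other stateful configuration" bit

def parse_ra_flags(icmp6: bytes):
    """Return (M, O) from an ICMPv6 RA message (bytes after the IPv6 header).
    The checksum is not verified here; the capture layer is assumed to do it."""
    if len(icmp6) < 16:
        raise ValueError("truncated Router Advertisement")
    msg_type, code, _cksum, _hop_limit, flags, _lifetime = struct.unpack_from(
        "!BBHBBH", icmp6)
    if msg_type != ND_ROUTER_ADVERT or code != 0:
        raise ValueError("not a Router Advertisement")
    return bool(flags & FLAG_M), bool(flags & FLAG_O)

def audit_ras(observed, baseline):
    """observed: iterable of (source address, ICMPv6 bytes).
    baseline: {router address: (M, O)} as recorded by the operator.
    Returns a list of (source, reason) findings for the operator to review."""
    findings = []
    for src, raw in observed:
        try:
            seen = parse_ra_flags(raw)
        except ValueError as exc:
            findings.append((src, f"malformed: {exc}"))
            continue
        if src not in baseline:
            findings.append((src, f"RA from unknown router, M/O={seen}"))
        elif seen != baseline[src]:
            # Source addresses can be forged, so a flag change on a known
            # router address is as noteworthy as an unknown router.
            findings.append((src, f"M/O changed from {baseline[src]} to {seen}"))
    return findings

def make_ra(m: bool, o: bool, lifetime: int = 1800) -> bytes:
    """Build a constructed 16-byte RA header for the sample data below."""
    flags = (FLAG_M if m else 0) | (FLAG_O if o else 0)
    return struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags, lifetime, 0, 0)

# Constructed sample: a link whose only router advertises M=0, O=0 (no DHCPv6).
BASELINE = {"fe80::1": (False, False)}
SAMPLE = [
    ("fe80::1", make_ra(False, False)),   # matches baseline
    ("fe80::1", make_ra(True, True)),     # flags flipped on a known address
    ("fe80::bad", make_ra(True, False)),  # router not in baseline
    ("fe80::1", b"\x86\x00"),             # truncated message
]

if __name__ == "__main__":
    for src, reason in audit_ras(SAMPLE, BASELINE):
        print(src, reason)
```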
