On 2010-08-17 17:21, Randy Bush wrote:
>>> because my routers don't operate via telekinesis or redirects. my
>>> hosts don't listen to redirects as the information may be forged or
>>> improper.
>> So why can't you disable redirects? If they are configured on by default,
>> it will be possible to configure them off.
>>
>> I understand that you don't want to use redirects. What I don't understand
>> is why you don't want other people to be able to use them.
>
> <speaking for jared>
>
> he does not want others not to be able to use them. nowhere has he said
> that. if they want them, turn them on. same argument.

Right, except that this would reverse the earlier consensus, since RFC4861
says

   A router SHOULD send a redirect message, subject to rate limiting,
   whenever it forwards a packet that is not explicitly addressed to
   itself

> his point is that having interfaces do things automatically by default
> has been demonstrated to be dangerous.

I assume that's why 4861 also gives a longish list of validity checks
that a host must apply to any redirect before believing it.

Anyway, having (re)read that part of 4861, I need to reverse myself
a bit. We can't let hosts off the hook; they need to do what 4861 says.
But if there's a valid reason to ship a router with redirects turned
off (i.e. a valid reason to override the SHOULD I just quoted), I don't
see that Node Requirements can forbid it. So I guess we'd end up with

   Redirect functionality SHOULD be supported. If the node is a router,
   Redirect functionality MUST be supported but MAY be disabled by default.

    Brian
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
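
The host-side validity checks that RFC 4861 section 8.1 requires before a Redirect is accepted, as an added example that is not part of the original message or of any implementation discussed in the thread. The names redirect_reject_reason, first_hop_for and build_redirect are hypothetical, and build_redirect only constructs sample messages for testing.

```python
import ipaddress
import struct

def icmp6_checksum(src, dst, msg):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = src.packed + dst.packed + struct.pack("!I3xB", len(msg), 58) + msg
    data += b"\0" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def redirect_reject_reason(src, dst, hop_limit, msg, first_hop_for):
    """Return None if msg passes the RFC 4861 section 8.1 checks, else a reason.

    first_hop_for is a hypothetical callable standing in for the host's
    destination cache: it maps a destination to the current first-hop router.
    """
    if not src.is_link_local:
        return "source not link-local"
    if hop_limit != 255:                       # proves the sender is on-link
        return "hop limit not 255"
    if len(msg) < 40:
        return "shorter than 40 octets"
    if msg[0] != 137 or msg[1] != 0:           # type 137 = Redirect, code 0
        return "wrong type or code"
    if icmp6_checksum(src, dst, msg) != 0:     # a valid message sums to zero
        return "bad checksum"
    target = ipaddress.IPv6Address(msg[8:24])
    dest = ipaddress.IPv6Address(msg[24:40])
    if dest.is_multicast:
        return "destination is multicast"
    if first_hop_for(dest) != src:
        return "sender is not the current first hop"
    if not (target.is_link_local or target == dest):
        return "target neither link-local nor the destination"
    opts = msg[40:]
    while opts:                                # option length is in 8-octet units
        if len(opts) < 2 or opts[1] == 0 or opts[1] * 8 > len(opts):
            return "malformed option"          # overrun check is added strictness
        opts = opts[opts[1] * 8:]
    return None

def build_redirect(src, dst, target, dest, options=b""):
    """Constructed sample: a Redirect with a correct checksum, for testing."""
    body = bytes(4) + target.packed + dest.packed + options
    csum = icmp6_checksum(src, dst, struct.pack("!BBH", 137, 0, 0) + body)
    return struct.pack("!BBH", 137, 0, csum) + body
```

The hop limit and first-hop checks are the ones that address forged redirects: an off-link sender cannot deliver a packet with hop limit 255, and an on-link sender must match the router the host is already using for that destination.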