On Tue, 20 Aug 2013, Fernando Gont wrote:
-------------------------------------------------------------------
There are numerous references to DAD. Isn't DAD attacks handled in other
documents that can be referenced, does this document really need to
outline this behaviour, perhaps even in conflict with other documents? I
don't remember where I read about this though, perhaps someone else
knows? It was discussed in SAVI anyway.
This document discusses how to recover from DAD failures -- *this* is
not discussed elsewhere.
I've seen this discussion in SAVI a few years back. I can't find any
documents now though so I don't know if it actually ended up anywhere.
I think it would be good to reference SAVI-WG documents on first-hop
security instead of writing new text on the subject.
Where, specifically?
Under 7 where ra-guard is mentioned. Oh, btw, the paragraph on
RA-guard is missing a trailing ".".
Network_ID mentions SSID. What if I have an ethernet Interface and I
move my computer around, should it identify a new set of /64 network
address and/or gateway MAC address as a new network as well? I think
some text on this would be good guidance for implementors.
That's left unspecified, since it might be tricky: there's might be more
than one local router, for redundancy purposes -- but since it's the
same network, you'd want your addresses to be stable.
That's why in the SSID example we use the SSID, and not the router's MAC
address or the like.
If it's tricky, doesn't that specifically warrant more text on the
subject?
--
Mikael Abrahamsson email: [email protected]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
