Hi Randy,

On 3/26/14 6:23 AM, Randy Bush wrote:
>> I don't particularly object to having a RFC out there that says "it can
>> be done, but this is just one option, and drawbacks exist" - which the
>> text does. I just won't ever *do* that.
>
> the problem is that the naive will fall into the hole. hence my
> assertion that it needs the toxic warning.
>

Let me be explicit for those who need it...

Operating with only link-local addresses isolates the devices from management systems located in a NOC (i.e., not directly adjacent). A typical first-step diagnostic when something goes wrong is to ping the address of the suspect interface *from the NOC*. That can't be done if the pesky device only has a link-local address.

I agree with Randy's pov that this document has some serious issues.

Regards,
Brian

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
