On 06/06/2014 09:20 AM, Eric Vyncke (evyncke) wrote: >> >>> * Add a reference to SAVI-DHCP ? >> >> SAVI-DHCP seems rather orthogonal... but I might be wrong. i.e., >> savi-dhcp seems to be about building state on the layer-2 device based >> on DHCPv6 exchanges, rather than about preventing malicious DHCPv6 >> exchanges. Am I right? >> >> In any case, I guess one could add an informational reference as follows: >> "The security of a site employing DHCPv6 Shield could be further >> improved by deploying [SAVI-DHCP], to mitigate IPv6 address spoofing". >> >> Thoughts? > > This is indeed mostly orthogonal, each technique can be deployed without > the other one. But, you proposed paragraph is correct and will be helpful > for the readers/implementers.
Perfect. I will add the paragraph above to the next rev. Regarding the only remaining proposed change (about the terminology), I'd like to know if you have any further thoughts. Me, I wouldn't have a problem with removing the definition of those terms, nad pointing to the specific section of RFC7112. However, I think that explicitly including the definitions makes the document more self-contained. Also.. I wonder what would happen if, say, RFC7112 were to be replaced by some other RFC (the DHCPv6 SHield would now have a pointer to e.g. an obsoleted RFC?) -- just me thinking out loud. Thanks so much! Cheers, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
