Em 29-04-2014 17:25, Paul de Weerd escreveu: > Disabling IPv6 should not be necessary: it shouldn't be enabled by > default, even link-local addresses. Exactly my point. Even with only link local addresses, some daemons bind to tcp6 wildcard sockets and I can detect delays when using a linux with the dual stack. > > Why oh why can I bring up an interface and have attackers probe me > over IPv6 on a default OpenBSD install while they cannot do so over > IPv4? Why is IPv6 more enabled than IPv4? IPv4 takes configuration > before it will work, IPv6 works without it. I believe that's a > problem that should be fixed before changing other defaults. The ipv6 setup must be much simpler than ipv4. And it is. Using rtadvd on OpenBSD for example is simpler than setting up a dhcp server. > > If I want IPv6 (static / RS / DHCPv6 / whatever), I should configure > my machine with it .. just like with IPv4 (static / DHCP / whatever). > Fuck this bullshit. Please note that this is the protocol where many > a developer will complain about how it's more complex than IPv4. > > Paul 'WEiRD' de Weerd > > PS: I tend to want IPv6 everywhere - I'm just opposing this STUPID > default in OpenBSD. > IPv6 will make our life as sysadmins much easier. IPv6 will happen. The sooner the better. But this default on OpenBSD is not the way to make it happen faster.
Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
