ISP customer assignments
On 05/10/09 16:43 -0400, Ricky Beam wrote:
> [here we go again]
>
> On Mon, 05 Oct 2009 14:37:49 -0400, William Herrin
> <herrin-nanog at dirtside.com> wrote:
>> Some clever guy figured out that ... why not
>> add an extra 64 bits for that very convenient improvement? This is
>> called "stateless autoconfiguration."
>
> Except that "clever guy" was in fact an idiot blinded by idealism. Not
> only did he fail to see the security implications of having a fixed
> address, but he'd apparently spent his entire life under a rock, on an
A publicly routable stateless auto-configured address is no less
secure than a publicly routable address assigned by DHCP. Security is, and
should be, handled by other means.
> island, on another planet... he completely ignored the fact that people
> were using DHCP [formerly known as BOOTP] (and have been now for over a
> decade) to provide machines with FAR MORE than just an address. A
That's what stateless DHCP does.
>> Some even more clever guy figured out that if the first clever guy's
>> strategy is used, it becomes a trivial matter to track someone
>> online... ...
>> stateless autoconfiguration will probably end up being a waste.
>
> It's ALWAYS been a waste. All these supposed "clever guys" failed to
> learn from the mistakes that preceded them and have doomed us to repeat
> them... ICMP router discovery (technology abandoned so long ago, I'd
> forgotten about it), RARP, bootp, dhcp. SLAAC loops us back around to
> the beginning. Only this time, it's inescapable: I still have to have
> something on the network spewing RAs for the sole purpose of telling
> everything to use DHCP instead; there's a hard "class" boundary smack in
> the middle of a "classless network" because these "clever guys" were lazy
> and didn't want to figure out ways to avoid address collisions.
I don't understand. You're saying you have overlapping class boundaries in
your network?
> (something modern IPv6 stacks do by default for privacy -- randomly
> generated addresses have to be tested for uniqueness.)
--
Dan White
BTC Broadband