matsuzaki-san's preso, i think the copy he will present next week at apops:
To summarize, using /64 on a link opens the door to a DOS problem that we need to pressure the vendors to fix. Obviously, this matters more to people who are running full-blown production IPv6 networks right now than it does to people in the planning stages. But everyone should really contact their vendor and find out when this issue will be fixed. What could vendors do? They could have an implied packet filter builtin to the router code, or they could treat all odd addresses from a /64 as implicitly assigned to the :1 end and all even ones as implicitly assigned to the :2 end. Workarounds are to use /64 on the link from a link-local address range, or to filter incoming traffic that could trigger the problem or to use a /127 on the link. In the latter case, you should read and understand the implications documented in RFC 3627 <http://tools.ietf.org/html/rfc3627> In any case, IPv6 is not cut and dried. The landscape is still shifting and the only way for you to learn what works and what doesn't is to deploy it seriously. --Michael Dillon