On Fri, 23 Dec 2011 21:06:26 +0100, Tomas Podermanski said:
On 12/23/11 4:33 AM, Owen DeLong wrote:
If there is actual real world demand for it, it will get implemented. Reality is that today, DHCPv4 has been running just as insecure for many years and nobody cares. I don't know why the bar for IPv6 should be so much higher than IPv4.
I can not agree with that. Many operators having customers into a shared segment and uses security features I mentioned before ( again DHCP snooping, ARP protection, source address validation).
Hate to inject some reality here - but Owen is totally correct here. That's all stuff you do *because DHCPv4 is an insecure protocol*. And a *lot* of places don't do all that added security on the IPv4 side because it's not part of their threat model, and probably don't want it on the IPv6 side for the same exact reasons.