On 4/30/23 00:16, Per Jessen wrote:
> In Lew's case, as he has testified, the lax security policies led to problems, even a very rarely seen one.
Trust me, Per, the policies/procedures aren't lax. I'm just not at liberty to tell you about them.

The topic was of IPv6 problems and threats. The problem is common enough that there's an RFC on the topic:

https://datatracker.ietf.org/doc/html/rfc6104

I stated that we were affected by this problem, yet rather than acknowledge the poor IPv6 design you blame the victim. Way to go to address security threats! You imply that we "deserved" to have the problem because we gave Windows users too much freedom.

Any protocol that requires specific configuration in clients is flawed. Security needs to be inherent by design, and not depend on clients promising to behave properly.

Regarding neighbor discovery, there are problems baked into the protocol, as defined here, and in many other places:

https://www.hpc.mil/program-areas/networking-overview/2013-10-03-17-24-38/ip...

It seems that there are possible mitigations, but the extent of mitigation deployment is unclear in my limited searching. I'd question whether SOHO and consumer routers and switches do any mitigation at all.

My failure to reply to your inevitable criticism of this message should not be considered as my agreeing with you; it's merely acknowledgment that this isn't the right venue to discuss security edge cases.

Regards,
Lew