Re: Forward: HEADS UP! Default value of ip6_v6only changed

From: Jeff W. Boote (boote_at_internet2.edu)
Date: 10/28/03

    Date: Tue, 28 Oct 2003 08:40:19 -0700
    To: Hajimu UMEMOTO <ume@mahoroba.org>
    
    

    Hajimu UMEMOTO wrote:
    >
    > Hi,
    >
    > Our default of net.inet6.ip6.v6only was off in 4.X, and was changed to
    > on on 5.X to follow NetBSD's practice. This behavior on 5.X breaks
    > RFC2553/3493, and the change was intentional from security
    > consideration. But NetBSD changed it to off by default.
    > What do you think of our default of on?

    As long as it is documented well, and the workaround (setting the
    IPV6_V6ONLY sockopt "off") is referenced, I don't think it really
    matters. Application programmers realize they have *some* work to do
    when porting applications to V6. A single sockopt call is not
    unreasonable. I think "on" for the security reasons outlined is the
    right call - it will at least make people think about those issues, and
    most would not without something bringing it up. (That said, it would be
    nice if NetBSD would pick a direction and keep it.)

    jeff
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
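
The single sockopt call mentioned in the reply above, as an added example that is not part of the original message or of FreeBSD's code: it sets IPV6_V6ONLY explicitly on each socket so behaviour does not depend on the net.inet6.ip6.v6only default, then reads the setting back. The function names are hypothetical, and the v4-mapped peer check goes beyond the message; it reflects how RFC 3493 dual-stack sockets present IPv4 peers.

```c
/* Added example: pin IPV6_V6ONLY per socket instead of inheriting the
 * system-wide default. All function names here are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create an AF_INET6 TCP socket with IPV6_V6ONLY set to `v6only` (0 or 1).
 * Returns the descriptor, or -1 if the socket or the option call fails
 * (for example when the platform refuses the requested value). */
int open_v6_socket(int v6only)
{
    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    /* Set before bind() so it governs which address families are accepted. */
    if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof v6only) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Read back the effective setting: 1 = IPv6 only, 0 = dual-stack, -1 = error. */
int get_v6only(int fd)
{
    int val = -1;
    socklen_t len = sizeof val;
    if (getsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &val, &len) < 0)
        return -1;
    return val != 0;
}

/* On a dual-stack socket an IPv4 peer arrives as ::ffff:a.b.c.d. Returns 1
 * and writes the embedded IPv4 address to *out for such a peer, else 0, so
 * IPv4 access rules can still be applied to it. */
int peer_ipv4(const struct sockaddr_in6 *peer, struct in_addr *out)
{
    if (!IN6_IS_ADDR_V4MAPPED(&peer->sin6_addr))
        return 0;
    memcpy(out, &peer->sin6_addr.s6_addr[12], sizeof *out);
    return 1;
}
```

A server that calls open_v6_socket(0) should pass every accepted peer through peer_ipv4() before applying address-based rules; one that calls open_v6_socket(1) needs a separate AF_INET socket to serve IPv4 clients.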

