Subject: Re: HEADS UP! Default value of ip6_v6only changed
To: None <email@example.com>
From: William Allen Simpson <firstname.lastname@example.org>
Date: 10/29/2003 07:38:08
Jun-ichiro itojun Hagino wrote:
> IPV6_V6ONLY and its default value was discussed in a design group for
> 2553bis. many of the people there wore vendor hat, and they were
> reluctant of changing the OS behavior, hence they refused to change.
> some (including me) suggested the default value be "implementation
> depenedent", but the editor of 2553bis ignored it.
Politically, I'm not surprised. After all, they made my opponent on
this issue a member of the IESG some years back. (Admittedly, I'd
turned down nominations for various positions on the IESG, on the
grounds that a not-independently-wealthy consultant cannot afford to
devote most/all of his time. Sun is big enough to support an IESG
member or two, and that's a good thing.)
Anyway, IPV6_V6ONLY=1 obviates ngtrans, his long-term baby.
> btw, freebsd changed the value from "off" to "on" between
> 4.x to 5.x to secure itself from the possible vulnerabilities.
> openbsd does not implement IPv4 mapped address behavior at all.
> why netbsd has to make the backward change, i.e. secure behavior to
> insecure behavior? portable programs cope with the issue already
> (since MS WinXP is basically "v6only=1").
This I didn't know. So, why is NetBSD going against the "rough
consensus and running code"?
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32