Dual stack hotspot/captive portal
Mikael Abrahamsson
swmike at swm.pp.se
Thu Feb 24 03:35:43 CET 2011
On Wed, 23 Feb 2011, Marc Blanchet wrote:
> I thought we were talking about hotspot with captive portal which
> suggests public places with not the same level of security requirements
> as an enterprise network.
Not protecting users from man-in-the-middle attacks and session hijackings
is really bad business practice. You need to protect the users MORE in
that kind of environment than on an enterprise LAN. The most adverse
environment securitywise is the role of an ISP, not the enterprise.
> To me, captive portals are just fine with router advertisements and I
> don't see real need for DHCPv6. However, DHCPv6 can be a solution in
> this environment, but there is currently some lack of clients
> implementations. That might change in a not so distant future. However,
> if one wants to do it right now, and it is for the general public, I
> guess RA are probably more simple than DHCPv6, given all implementations
> support RA.
You use RAs always, even in DHCPv6. You probably mean SLAAC.
And I would design it so that people with DHCPv6 support get IPv6, if they
don't, they don't get IPv6. No SLAAC allowed. I guess we can agree to
disagree.
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the ipv6-ops
mailing list