In RFC 5505, the IAB took on this question, separating basic IP configuration 
(which has in practice proved difficult to secure) from application-layer 
configuration (which can be postponed until later in the boot process when 
security facilities are available to secure it).

As David pointed out, it is now common for “managed devices” to support secure 
configuration, avoiding the “coffee shop” scenario.  

> On Jul 17, 2024, at 16:50, Watson Ladd <watsonbl...@gmail.com> wrote:
> 
> If you use network links to configure your device, and the device goes
> to the coffeeshop, that coffeeshop gets to configure the device.
> That's just inherently a bad idea, and always has been.

_______________________________________________
Int-area mailing list -- int-area@ietf.org
To unsubscribe send an email to int-area-le...@ietf.org