What about links that need to be available for failover or during emergencies? What about organizations that operate at those hours? I used to work at a 24 hour retail chain, and some stores in mining towns had their busiest hours around 4AM as busloads of miners came in to shop before the day started. We could _never_ upgrade those stores in the early morning hours.
So you're saying the defaults should be setup for the unusual use cases like you describe, even if that means we get botnets of millions of routers?
You're not going to define one set of secure-by-default rules that's going to work for everyone. Rather, you want to try to define a set of secure-by-default rules that work for most people. Then but the burden of reconfiguration and maintenance on those with unusual needs, rather than the majority.
