[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
> On 25/08/2008, at 6:37 PM, Brian E Carpenter wrote:
> > But blocking tunnels by default, although it's simple, also
> > blocks innovation. That worries me.
> >
> > Brian
>
> I agree with this stance. Blocking tunnels, although possibly more
> secure is going to make it very difficult to solve real world
> problems. We have enough trouble today with IPv4 Port forwarding in
> CPEs and the fact that some devices do not by default pass VPN
> traffic. I believe internal to external tunnel flow/solicitation
> should be permitted by default.
Internalt to external is permitted, by default, in the current document.
We are discussing external to internal.
-d