RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
> -----Original Message-----
> From: Gert Doering [mailto:gert@space.net]
> Sent: Tuesday, August 26, 2008 4:49 AM
> To: Dan Wing
> Cc: 'Truman Boyes'; 'Brian E Carpenter'; 'Mark Smith';
> jhw@apple.com; 'IPv6 Operations'
> Subject: Re: Some suggestions for
> draft-ietf-v6ops-cpe-simple-security-03
>
> Hi,
>
> On Mon, Aug 25, 2008 at 05:29:47PM -0700, Dan Wing wrote:
> > Internal to external is permitted, by default, in the current document.
> >
> > We are discussing external to internal.
>
> What is "internal to external" is inevitably "external to internal" to
> someone else.
>
> How do you solve "tunneling is permitted if solicited from
> the inside" for the
>
> Host A --- CPE A ----[Internet]---- CPE B --- Host B
>
> case?

The hosts (A and/or B) have to tell the CPE that they want the communication
to occur.

Let me ask the question the other way: how do you prevent a mis-configured
application on Host A or Host B from being accessed from the Internet? It is
my understanding such protection ('simple security') is the primary goal of
this working group document.

-d

> Gert Doering
> -- NetMaster
> --
> Total number of prefixes smaller than registry allocations: 128645
>
> SpaceNet AG Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A.
> Grundner-Culemann
> D-80807 Muenchen HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279