[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03

On Wed, 27 Aug 2008 10:06:40 +0200, Rémi Després <remi.despres@free.fr>

wrote:

> Brian E Carpenter   (m/j/a) 8/26/08 2:57 AM:

>> On 2008-08-26 12:11, Dan Wing wrote:

>>> Brian E Carpenter wrote:

>>>> But blocking tunnels by default, although it's simple, also

>>>> blocks innovation. That worries me.

>>> Would your worry go away if the IETF initiated a standards effort

>> around something like Apple's ALD (draft-woodyatt-ald-03.txt)?

>>

>> I believe that something like that is needed.



Me too.



> I also support that remote control of packet filtering should be

> standardized.

> 

> IMO, its scope should cover both:

> - CPE control by hosts

> - control of ISP provided filtering devices by customer sites.



I have to disagree. An ISP is not supposed to do filtering in the first

place.



Also, in real life, filtering by ISP is typically one of:

- NAT contingency, in which case it cannot be controlled directly,

- not meant to be controlled by the user

  (e.g. blocking SMTP, NetBIOS, or other protocols, spoof protection...)



I dare stress that NAT control is _not_ the same thing as filtering

control.



-- 

Rémi Denis-Courmont