On Aug 27, 2008, at 01:06, Rémi Després wrote:
> Brian E Carpenter (m/j/a) 8/26/08 2:57 AM:
>> On 2008-08-26 12:11, Dan Wing wrote:
>>> Brian E Carpenter wrote:
>>>> But blocking tunnels by default, although it's simple, also blocks innovation. That worries me.
>>> Would your worry go away if the IETF initiated a standards effort around something like Apple's ALD (draft-woodyatt-ald-03.txt)?
>> I believe that something like that is needed.
> I also support that remote control of packet filtering should be standardized.
> IMO, its scope should cover both:
> - CPE control by hosts
> - control of ISP provided filtering devices by customer sites.
I must chime in here and repeat for the record that ALD is most emphatically NOT a protocol for enabling hosts to control filtering devices. I took Great Pains to specify it as a protocol for filtering devices to learn about interior applications that are soliciting inbound traffic from arbitrary exterior nodes regardless of their remote address.
Please please please I am VERY resistant to positioning ALD as a method for nodes to use in "controlling" firewall devices.
--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering