[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
> I must chime in here and repeat for the record that ALD is most
> emphatically NOT a protocol for enabling hosts to control filtering
> devices. I took Great Pains to specify it as a protocol for
> filtering
> devices to learn about interior applications that are soliciting
> inbound traffic from arbitrary exterior nodes regardless of their
> remote address.
>
> Please please please I am VERY resistant to positioning ALD as a
> method for nodes to use in "controlling" firewall devices.
Er, it seems the same to me. Are you just saying that the interior
host is not necessarily *overriding* the filtering device's rules?
If that's what you're saying, I agree, and I think that's fine.
-d