[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Purpose of ALD (was Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
On Aug 27, 2008, at 12:54, Dan Wing wrote:
[I wrote:]
I must chime in here and repeat for the record that ALD is most
emphatically NOT a protocol for enabling hosts to control filtering
devices. I took Great Pains to specify it as a protocol for
filtering devices to learn about interior applications that are
soliciting inbound traffic from arbitrary exterior nodes regardless
of their remote address.
Please please please I am VERY resistant to positioning ALD as a
method for nodes to use in "controlling" firewall devices.
Er, it seems the same to me. Are you just saying that the interior
host is not necessarily *overriding* the filtering device's rules?
If that's what you're saying, I agree, and I think that's fine.
I'm actually making a somewhat stronger statement.
I'm saying that the Purpose of ALD is *NOT* for interior nodes to
control their corresponding states in filtering middleboxes, but
rather for middleboxes to learn about state at interior nodes relevant
for network filtering. The design of ALD is a reflection of this
statement of purpose, which is why it defines no mechanism for
informing endpoint nodes whether and/or why not filtering rules have
changed as a result of the notifications they send.
I don't mean to sound like I'm picking nits, but I really do think
it's a big mistake to formulate the problem statement around a
perceived need for endpoint nodes to "control" the state of
middleboxes. I contend there is no such need. There is only a need
for filtering middleboxes to be better aware of endpoint state so that
they do not intrude on network transparency unnecessarily, i.e. when
security policy does not require it.
--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering