
RE: Purpose of ALD (was Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)



> I'm actually making a somewhat stronger statement.
> 
> I'm saying that the Purpose of ALD is *NOT* for interior nodes to  
> control their corresponding states in filtering middleboxes, but  
> rather for middleboxes to learn about state at interior nodes relevant
> for network filtering.  The design of ALD is a reflection of this  
> statement of purpose, which is why it defines no mechanism for  
> informing endpoint nodes whether and/or why not filtering rules have  
> changed as a result of the notifications they send.
> 
> I don't mean to sound like I'm picking nits, but I really do think  
> it's a big mistake to formulate the problem statement around a  
> perceived need for endpoint nodes to "control" the state of  
> middleboxes.  I contend there is no such need.  There is only a need  
> for filtering middleboxes to be better aware of endpoint state so that
> they do not intrude on network transparency unnecessarily, i.e. when  
> security policy does not require it.

Understood.  Thanks for clarifying!

-d