Re: I-D.ietf-v6ops-cpe-simple-security-09

[james woodyatt <jhw@apple.com>]

On Mar 4, 2010, at 15:25, Mark Baugher wrote:
> 
> 1. Rec-2.  Why not site-scope?

Because the subscriber and the provider are not the same organization, and we recommend that CPE routers enforce the organization-local scope boundary to protect subscriber's interior multicast routing up to the organization-local scope level, not just the site-local scope level.  This permits a subscriber to, for example, divide their interior network into multiple site-local multicast routing domains, each with potentially multiple links.

> 2. Rec-42.  Pardon me if I'm being dense, but what are you saying here?  That service providers cannot manage the device from an exterior interface?

No.  Only that the DEFAULT configuration of subscriber managed gateways is that service providers aren't offered a management interface.  If subscribers are issued provider managed gateways, or they explicitly change the DEFAULT configuration of their subscriber managed gateways, then service providers can manage them.

> There are many SHOULDs and some should be MUSTs.  I have a long list of nits and such.  I'll send the markups directly to you, James.  Is this Last Call or is this going into Last Call soon?

The chairs have not made a Last Call.  I'm trying to surface objections before I ask the chairs to issue a Last Call on Sunday evening.


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering