[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D.ietf-v6ops-cpe-simple-security-09

To: Fred Baker <fred@cisco.com>
Subject: Re: I-D.ietf-v6ops-cpe-simple-security-09
From: Mark Baugher <mbaugher@cisco.com>
Date: Thu, 4 Mar 2010 19:05:12 -0800
Cc: james woodyatt <jhw@apple.com>, IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <929CA789-3B68-4B60-A623-311D072B4F17@cisco.com>
References: <D6F5ACD2-EB43-477E-9F48-AC3EDB3F7EB4@apple.com> <0E826480-B510-4907-9F38-6119C0D7523B@cisco.com> <929CA789-3B68-4B60-A623-311D072B4F17@cisco.com>

On Mar 4, 2010, at 3:56 PM, Fred Baker wrote:

>> 
>> 2. Rec-42.  Pardon me if I'm being dense, but what are you saying here?  That service providers cannot manage the device from an exterior interface?
> 
> I should hope they couldn't without the network administration actively doing something to permit them to. As we have discussed privately, a protocol that enables an entity outside my administrative domain to control equipment witin my administrative domain without my explicit authorization is a security issue.

That's right.  And the sentence is clear as it is written.  I misread it.

Mark

References:
- I-D.ietf-v6ops-cpe-simple-security-09
  - From: james woodyatt <jhw@apple.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Mark Baugher <mbaugher@cisco.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Fred Baker <fred@cisco.com>

Prev by Date: Re: I-D.ietf-v6ops-cpe-simple-security-09
Next by Date: Re: I-D.ietf-v6ops-cpe-simple-security-09
Previous by thread: RE: I-D.ietf-v6ops-cpe-simple-security-09
Next by thread: Re: I-D.ietf-v6ops-cpe-simple-security-09 - ICMP Error Messages
Index(es):
- Date
- Thread