[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D.ietf-v6ops-cpe-simple-security-09

To: Mark Townsley <townsley@cisco.com>
Subject: Re: I-D.ietf-v6ops-cpe-simple-security-09
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Sun, 21 Mar 2010 13:19:50 +1300
Cc: james woodyatt <jhw@apple.com>, IPv6 Operations <v6ops@ops.ietf.org>
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=nB3eHM+bliWzMaAo4Nrgt8AGsIjQ+/T8lQ/UZvG2IJZ9BVJCz+Mg8xOQYgGnmNED+t pZ91uCTi9xwso++drGIJ6oaLmw7FwAXqgW3khGasBnfCq95+PQy/kikvZQcjKYXmx7iX r5JATTIHY77kvQuD7cV3dVgN8avBP817kY9gY=
In-reply-to: <4BA522E8.7050504@cisco.com>
Organization: University of Auckland
References: <D6F5ACD2-EB43-477E-9F48-AC3EDB3F7EB4@apple.com> <4BA3BBCF.2090903@cisco.com> <4BA3D1B3.4010501@gmail.com> <4BA3DAAA.10000@cisco.com> <4BA40DD1.7080306@gmail.com> <6C168711-6A34-4487-9911-92766513183C@apple.com> <4BA522E8.7050504@cisco.com>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

On 2010-03-21 08:32, Mark Townsley wrote:
> 
> On 3/20/10 1:32 AM, james woodyatt wrote:
>> On Mar 19, 2010, at 16:50, Brian E Carpenter wrote:
>>   
>>> But I'm afraid that the simplicity of 'default deny' has long
>>> ago won the hearts and minds of enterprise network managers.
>>>      
>> Sadly, enterprise network managers aren't the only people whose
>> legitimate interests are at stake in the matter under discussion.
>>    
> This document is clearly scoped in the first sentence of the
> Introduction to:
> 
> "gateway devices that enable delivery of Internet services in
> residential and small office settings."
> 
> So, I'm not sure why we are even considering enterprise network managers
> here.

Fair enough, but...
> 
> The networks themselves, the assets under protection, the types of
> applications, are quite different
> between and enterprise network and residential network.

Indeed. But ISPs that supply CPE to their customers are going to
assume that their customers are running unpatched insecure operating
systems at high risk of catching malware. So I think they are just as
likely as enterprise IT departments to favour default deny approaches.

    Brian
> 
> - Mark
>>
>> -- 
>> james woodyatt<jhw@apple.com>
>> member of technical staff, communications engineering
>>
>>
>>
>>
>>    
> 
> 
>

Follow-Ups:
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Gert Doering <gert@space.net>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>

References:
- I-D.ietf-v6ops-cpe-simple-security-09
  - From: james woodyatt <jhw@apple.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Mark Townsley <townsley@cisco.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Mark Townsley <townsley@cisco.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: james woodyatt <jhw@apple.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Mark Townsley <townsley@cisco.com>

Prev by Date: Re: I-D.ietf-v6ops-cpe-simple-security-09
Next by Date: Re: I-D.ietf-v6ops-cpe-simple-security-09
Previous by thread: Re: I-D.ietf-v6ops-cpe-simple-security-09
Next by thread: Re: I-D.ietf-v6ops-cpe-simple-security-09
Index(es):
- Date
- Thread