[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D.ietf-v6ops-cpe-simple-security-09

To: Gert Doering <gert@space.net>
Subject: Re: I-D.ietf-v6ops-cpe-simple-security-09
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Mon, 22 Mar 2010 06:29:01 +1300
Cc: Mark Townsley <townsley@cisco.com>, james woodyatt <jhw@apple.com>, IPv6 Operations <v6ops@ops.ietf.org>
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=Wetm5pI8oEabJoXdVBDDB0LlZKquundZVBFYJ3345o39+XY8GqhhvY6ePVQTW92QoF jcBq5lTNfcqvoZVLTIGU307XKAdEw8Lk34mW27QPzFCWbUMpP3kReSzxkT4jjlDKELfA Dj5QeoGyiHoqP3+Kk/AlppVNJjhJaPbf3LbvU=
In-reply-to: <20100321133831.GL69383@Space.Net>
Organization: University of Auckland
References: <D6F5ACD2-EB43-477E-9F48-AC3EDB3F7EB4@apple.com> <4BA3BBCF.2090903@cisco.com> <4BA3D1B3.4010501@gmail.com> <4BA3DAAA.10000@cisco.com> <4BA40DD1.7080306@gmail.com> <6C168711-6A34-4487-9911-92766513183C@apple.com> <4BA522E8.7050504@cisco.com> <4BA56626.20606@gmail.com> <20100321133831.GL69383@Space.Net>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

On 2010-03-22 02:38, Gert Doering wrote:
> Hi,
> 
> On Sun, Mar 21, 2010 at 01:19:50PM +1300, Brian E Carpenter wrote:
>> Indeed. But ISPs that supply CPE to their customers are going to
>> assume that their customers are running unpatched insecure operating
>> systems at high risk of catching malware. So I think they are just as
>> likely as enterprise IT departments to favour default deny approaches.
> 
> We're not.
> 
> We provide *Internet* services.  Not "walled garden" services.
> 
> If the customer wants firewall protection, we're happy to sell it to them,
> but the default package they get is "Internet".  Packets transported from
> A to B and vice versa, and we're not maing their packets unhappy unless they
> tell us so.

I applaud that and it's what I want from my ISP. My comment is that
I don't see this as a universal approach.

So, I'm wondering what's really wrong with:

  REC-41  Gateways MUST provide an easily selected configuration option
      that permits operation in a mode that forwards all unsolicited
      flows regardless of forwarding direction.

 - Brian

Follow-Ups:
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Mark Townsley <townsley@cisco.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>

References:
- I-D.ietf-v6ops-cpe-simple-security-09
  - From: james woodyatt <jhw@apple.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Mark Townsley <townsley@cisco.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Mark Townsley <townsley@cisco.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: james woodyatt <jhw@apple.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Mark Townsley <townsley@cisco.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: I-D.ietf-v6ops-cpe-simple-security-09
  - From: Gert Doering <gert@space.net>

Prev by Date: Re: I-D.ietf-v6ops-cpe-simple-security-09
Next by Date: Re: Proposed agenda for IPv6 Operations - IETF 77
Previous by thread: Re: I-D.ietf-v6ops-cpe-simple-security-09
Next by thread: Re: I-D.ietf-v6ops-cpe-simple-security-09
Index(es):
- Date
- Thread