
Re: I-D.ietf-v6ops-cpe-simple-security-09



On 3/21/10 7:00 AM, james woodyatt wrote:
> On Mar 20, 2010, at 18:00, Mark Smith wrote:
>> One thing that does seem to be missing from the draft is a specific list of threats it is attempting to mitigate, i.e. a threat model.
> RFC 4864 doesn't offer one, and its authors haven't offered much in the way of specifics to the discussion here or on the design team list.  Perhaps you'd like to offer a contribution?
>
> The Overview contains my best attempt at explaining what considerations I think are really in play behind the CPE Simple Security recommendation.  Here's what I think is the most relevant excerpt:
>
>    The stateful packet filtering behavior of NAT set user expectations that persist today with residential IPv6 service.  "Local Network Protection for IPv6" [RFC4864] recommends applying stateful packet filtering at residential IPv6 gateways that conforms to the user expectations already in place.
>
> In other words, we recommend filtering at the middlebox -- making IPv6 routers do filtering like IPv4/NAT gateways do -- because "defense in depth" is a virtue in and of itself, and that Internet users have come to expect it.  Apparently, there's a consensus in IETF that this is enough reason to do it, and I strongly suspect that an explicit threat model might be inviting more controversy than anyone wants to endure.
So, you are saying there is IETF consensus on a security solution for IPv6 based largely on the status quo of IPv4, but no consensus on what security problem either is actually solving. If we are shooting for status quo and similar user experience, we should go ahead and include NAT. At least then the user gets stable independent addressing, regardless of what the ISP offers.

Imagine Los Angeles manages to get everyone to move to electric cars, but the local populace decides that they liked the smog that blocked the sun, the daily pollution indicators, etc. and decides to pump smoke into the atmosphere to ensure that the user expectation of the inhabitants remains unchanged.

- Mark

--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering
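For readers who want to see concretely what "filtering at the middlebox like IPv4/NAT gateways do" amounts to, the ruleset below is an added illustration and is not text from the draft, from RFC 4864, or from either poster. It expresses the behaviour the quoted excerpt describes: a residential gateway that forwards flows initiated from the LAN and admits return traffic for them, but drops unsolicited inbound connections. It is written for nftables (Linux) and assumes two interfaces named "lan0" and "wan0"; those names, the table name "cpe_simple_security", and the specific ICMPv6 types passed are my assumptions, not something the draft specifies. The ICMPv6 exception exists because, unlike NAT, IPv6 path MTU discovery and neighbor discovery break if all inbound ICMPv6 is dropped; which types to admit is a policy choice the operator must make.

```nftables
# Added example: a "NAT-like" stateful IPv6 filter on a residential gateway.
# Assumed interface names: lan0 (inside) and wan0 (ISP uplink).
table ip6 cpe_simple_security {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows the LAN initiated (the stateful part).
        ct state established,related accept

        # Drop packets the connection tracker considers invalid.
        ct state invalid drop

        # Any flow initiated from the LAN toward the Internet is allowed.
        iifname "lan0" oifname "wan0" accept

        # Minimal inbound ICMPv6 needed for IPv6 to function across the
        # gateway (types listed here are an assumption, not the draft's list).
        iifname "wan0" icmpv6 type {
            destination-unreachable, packet-too-big, time-exceeded,
            parameter-problem, echo-request
        } accept

        # Everything else arriving from the WAN hits the default drop policy:
        # unsolicited inbound connections to LAN hosts are refused, which is
        # the user expectation inherited from IPv4 NAT gateways.
    }
}
```

Loading this with `nft -f` on a gateway gives the default-deny-inbound posture the excerpt calls "the user expectations already in place"; note that, exactly as the thread debates, the rules say nothing about which threat they are meant to counter beyond "hosts on the LAN are not reachable from outside unless they talk first".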