RE: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
The real decision, IMO, is whether the IETF intends to provide an RFC
that describes *how* to do the reflective session state firewall thing
that is described in RFC 4864 Section 4.2. There really just needs to be
a decision, one way or another.

- If no, that's fine. But make that decision! And understand the
consequences: Other SDOs/documents that are referencing simple-security
will revert to an RFC 4864 Section 4.2 reference; the reflective session
state firewall will be widely implemented, but there will be little to
no consistency among those implementations.

- If yes, that's great. But make that decision, and move forward! And
don't try to play some sort of bait and switch game, like keep the
simple-security name but change it from describing a reflective session
state firewall to describing something else (like rate limiting). If the
IETF doesn't want to describe how to do reflective session state
firewalls, then kill simple-security and use a different name for
describing something different -- like easy-security.

The default discussion is irrelevant. Simple-security is being seen as a
how-to guide for doing a reflective session state IPv6 firewall.
Implementers will decide for themselves whether they want it on or off,
by default.

So, please, decide! Either let simple-security go forward, as a how-to
for a reflective session state IPv6 firewall (and nothing else), or kill
it.

Barbara