Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)

[Mohacsi Janos <mohacsi@niif.hu>]

On Mon, 22 Mar 2010, Gert Doering wrote:

> Hi,
>
> On Mon, Mar 22, 2010 at 08:32:38AM -0700, Fred Baker wrote:
> > That will have to be a working group decision. We have your opinion on the record.
> >
> > On Mar 22, 2010, at 8:25 AM, Mark Townsley wrote:
> >
> > > Let's err on the side of our ideals here. Publish draft-ietf-v6ops-cpe-simple-security, but do so without default-deny rules on by default. Let's not break end-to-end IPv6 before it even has a chance to grow up.
>
> Add another opinion to that.
>
> - have firewalling in there
> - default to "end-to-end communication permitted"

Yes to have the firewalling capabilities in CPE (reflective session state 
if you like)
Yes to be default end-to-end communication permitted - but could be 
switched to default to deny by the end users, if he or she prefers NAT 
like behaviour.

Best Regards,
		Janos Mohacsi