[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: simple security
Gert,
I am not sure that denying incoming server sessions be default will inhibit all of those activities. It will inhibit unwanted file sharing, e.g., turning my machine into a child pornography web host. My wireless router has these filters on by default now. IMHO, it makes sense to provide the consumer with the same level of security they have with IPv4.
As to home users accessing professionally developed web servers, you are correct that we do not need IPv6 for that; however, we do need UGA to allow those users to employ advanced security features, e.g., DNS SEC.
Best Regards,
Jeffrey Dunn
Info Systems Eng., Lead
MITRE Corporation.
(301) 448-6965 (mobile)
-----Original Message-----
From: Gert Doering [mailto:gert@Space.Net]
Sent: Tuesday, March 23, 2010 10:49 AM
To: Dunn, Jeffrey H.
Cc: Lee Howard; v6ops@ops.ietf.org
Subject: Re: simple security
Hi,
On Tue, Mar 23, 2010 at 10:39:17AM -0400, Dunn, Jeffrey H. wrote:
> Specifically, if home networks are not supporting servers, e.g.,
> web sites, then there is no need to allows sessions associated with
> servers to be initiated by Internet hosts.
Have you heard the term "peer-to-peer networking" mentioned before?
If all we want is "people can go from their home to web servers run by
professionals!!" then we don't need IPv6.
The whole point of having a new protocol is to restore end-to-end
communication - and that includes "people in their home" - VoIP, file
sharing, online gaming (without a server run in someone's data centre),
etc. - and if you put a deny-by-default firewall in their way, all
this won't work.
Gert Doering
-- NetMaster
--
Total number of prefixes smaller than registry allocations: 150584
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279