[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On saving end-to-end transparency

To: IPv6 v6ops <v6ops@ops.ietf.org>
Subject: Re: On saving end-to-end transparency
From: Rémi Després <remi.despres@free.fr>
Date: Tue, 23 Mar 2010 08:00:36 -0700
Cc: Gert Doering <gert@space.net>, Fred Baker <fred@cisco.com>, Mark Townsley <townsley@cisco.com>, Mohacsi Janos <mohacsi@niif.hu>
In-reply-to: <alpine.BSF.2.00.1003231426310.74067@mignon.ki.iif.hu>
References: <4BA78BE7.6010005@cisco.com> <D543E465-CC85-4F2E-B794-A7B457AA0D28@cisco.com> <20100322160911.GU69383@Space.Net> <alpine.BSF.2.00.1003231426310.74067@mignon.ki.iif.hu>

For information: the IPv6 we have here is WITHOUT any filter (confirmed by the IETF NOC).
Does anyone report a security problem ;-) ?
RD

 
Le 23 mars 2010 à 06:32, Mohacsi Janos a écrit :

> 
> 
> 
> On Mon, 22 Mar 2010, Gert Doering wrote:
> 
>> Hi,
>> 
>> On Mon, Mar 22, 2010 at 08:32:38AM -0700, Fred Baker wrote:
>>> That will have to be a working group decision. We have your opinion on the record.
>>> 
>>> On Mar 22, 2010, at 8:25 AM, Mark Townsley wrote:
>>> 
>>>> Let's err on the side of our ideals here. Publish draft-ietf-v6ops-cpe-simple-security, but do so without default-deny rules on by default. Let's not break end-to-end IPv6 before it even has a chance to grow up.
>> 
>> Add another opinion to that.
>> 
>> - have firewalling in there
>> - default to "end-to-end communication permitted"
> 
> Yes to have the firewalling capabilities in CPE (reflective session state if you like)
> Yes to be default end-to-end communication permitted - but could be switched to default to deny by the end users, if he or she prefers NAT like behaviour.
> 
> Best Regards,
> 		Janos Mohacsi
> 
>

Follow-Ups:
- Re: On saving end-to-end transparency
  - From: Marco Hogewoning <marcoh@marcoh.net>
- Re: On saving end-to-end transparency
  - From: Joel Jaeggli <joelja@bogus.com>
- Re: On saving end-to-end transparency
  - From: Mohacsi Janos <mohacsi@niif.hu>

References:
- On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Mark Townsley <townsley@cisco.com>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Fred Baker <fred@cisco.com>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Gert Doering <gert@space.net>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Mohacsi Janos <mohacsi@niif.hu>

Prev by Date: RE: simple security
Next by Date: Re: On saving end-to-end transparency
Previous by thread: Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
Next by thread: Re: On saving end-to-end transparency
Index(es):
- Date
- Thread