[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On saving end-to-end transparency

To: Rémi Després <remi.despres@free.fr>
Subject: Re: On saving end-to-end transparency
From: Mohacsi Janos <mohacsi@niif.hu>
Date: Tue, 23 Mar 2010 16:21:03 +0100 (CET)
Cc: IPv6 v6ops <v6ops@ops.ietf.org>, Gert Doering <gert@space.net>, Fred Baker <fred@cisco.com>, Mark Townsley <townsley@cisco.com>
In-reply-to: <F6008F79-C5C1-4DA9-8E52-94AB8A80DAB8@free.fr>
References: <4BA78BE7.6010005@cisco.com> <D543E465-CC85-4F2E-B794-A7B457AA0D28@cisco.com> <20100322160911.GU69383@Space.Net> <alpine.BSF.2.00.1003231426310.74067@mignon.ki.iif.hu> <F6008F79-C5C1-4DA9-8E52-94AB8A80DAB8@free.fr>
User-agent: Alpine 2.00 (BSF 1167 2008-08-23)

For information: the IPv6 we have here is WITHOUT any filter (confirmed by the IETF NOC).
Does anyone report a security problem ;-) ?

Are there any possiblity to report security problems? You know, IETF folksare more technically competent than the average home users. They know whatthey are doing on their computers.


I think there is still some needs to hide home network devices:
- no longer supported but know to be vulnerable devices, servers
- devices without access control
- etc.


Best Regards,
		Janos Mohacsi



Le 23 mars 2010 ? 06:32, Mohacsi Janos a écrit :




On Mon, 22 Mar 2010, Gert Doering wrote:

Hi,

On Mon, Mar 22, 2010 at 08:32:38AM -0700, Fred Baker wrote:

That will have to be a working group decision. We have your opinion on the record.

On Mar 22, 2010, at 8:25 AM, Mark Townsley wrote:

Let's err on the side of our ideals here. Publish draft-ietf-v6ops-cpe-simple-security, but do so without default-deny rules on by default. Let's not break end-to-end IPv6 before it even has a chance to grow up.


Add another opinion to that.

- have firewalling in there
- default to "end-to-end communication permitted"


Yes to have the firewalling capabilities in CPE (reflective session state if you like)
Yes to be default end-to-end communication permitted - but could be switched to default to deny by the end users, if he or she prefers NAT like behaviour.

Best Regards,
		Janos Mohacsi

Follow-Ups:
- Re: On saving end-to-end transparency
  - From: Mark Townsley <townsley@cisco.com>
- Re: On saving end-to-end transparency
  - From: Joel Jaeggli <joelja@bogus.com>

References:
- On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Mark Townsley <townsley@cisco.com>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Fred Baker <fred@cisco.com>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Gert Doering <gert@space.net>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Mohacsi Janos <mohacsi@niif.hu>
- Re: On saving end-to-end transparency
  - From: Rémi Després <remi.despres@free.fr>

Prev by Date: Re: On saving end-to-end transparency
Next by Date: Re: On saving end-to-end transparency
Previous by thread: Re: On saving end-to-end transparency
Next by thread: Re: On saving end-to-end transparency
Index(es):
- Date
- Thread