
Re: On saving end-to-end transparency



you've got ipv4 without a filter... also there's about 2000 unmanaged
devices inside the perimeter.

On 03/23/2010 08:00 AM, Rémi Després wrote:
> For information: the IPv6 we have here is WITHOUT any filter (confirmed by the IETF NOC).
> Does anyone report a security problem ;-) ?
> RD
> 
>  
> On 23 March 2010 at 06:32, Mohacsi Janos wrote:
> 
>>
>>
>>
>> On Mon, 22 Mar 2010, Gert Doering wrote:
>>
>>> Hi,
>>>
>>> On Mon, Mar 22, 2010 at 08:32:38AM -0700, Fred Baker wrote:
>>>> That will have to be a working group decision. We have your opinion on the record.
>>>>
>>>> On Mar 22, 2010, at 8:25 AM, Mark Townsley wrote:
>>>>
>>>>> Let's err on the side of our ideals here. Publish draft-ietf-v6ops-cpe-simple-security, but do so without default-deny rules on by default. Let's not break end-to-end IPv6 before it even has a chance to grow up.
>>>
>>> Add another opinion to that.
>>>
>>> - have firewalling in there
>>> - default to "end-to-end communication permitted"
>>
>> Yes to having the firewalling capabilities in the CPE (reflective session state if you like)
>> Yes to default end-to-end communication permitted - but it could be switched to default deny by the end user, if he or she prefers NAT-like behaviour.
>>
>> Best Regards,
>> 		Janos Mohacsi
>>
>>
> 
> 
>