[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On saving end-to-end transparency

To: Mohacsi Janos <mohacsi@niif.hu>
Subject: Re: On saving end-to-end transparency
From: Joel Jaeggli <joelja@bogus.com>
Date: Tue, 23 Mar 2010 08:28:52 -0700
Cc: RÃmi DesprÃs <remi.despres@free.fr>, IPv6 v6ops <v6ops@ops.ietf.org>, Gert Doering <gert@space.net>, Fred Baker <fred@cisco.com>, Mark Townsley <townsley@cisco.com>
In-reply-to: <alpine.BSF.2.00.1003231614360.74067@mignon.ki.iif.hu>
References: <4BA78BE7.6010005@cisco.com> <D543E465-CC85-4F2E-B794-A7B457AA0D28@cisco.com> <20100322160911.GU69383@Space.Net> <alpine.BSF.2.00.1003231426310.74067@mignon.ki.iif.hu> <F6008F79-C5C1-4DA9-8E52-94AB8A80DAB8@free.fr> <alpine.BSF.2.00.1003231614360.74067@mignon.ki.iif.hu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100316 Lightning/1.0b1 Thunderbird/3.0.3


On 03/23/2010 08:21 AM, Mohacsi Janos wrote:
> 
> 
> 
> 
>> For information: the IPv6 we have here is WITHOUT any filter
>> (confirmed by the IETF NOC).
>> Does anyone report a security problem ;-) ?
> 
> Are there any possiblity to report security problems? You know, IETF
> folks are more technically competent than the average home users. They
> know what they are doing on their computers.

hah you're funny. No they don't.

> I think there is still some needs to hide home network devices:
> - no longer supported but know to be vulnerable devices, servers
> - devices without access control
> - etc.
> 
> 
> Best Regards,
>         Janos Mohacsi
> 
>>
>>
>> Le 23 mars 2010 ? 06:32, Mohacsi Janos a Ãcrit :
>>
>>>
>>>
>>>
>>> On Mon, 22 Mar 2010, Gert Doering wrote:
>>>
>>>> Hi,
>>>>
>>>> On Mon, Mar 22, 2010 at 08:32:38AM -0700, Fred Baker wrote:
>>>>> That will have to be a working group decision. We have your opinion
>>>>> on the record.
>>>>>
>>>>> On Mar 22, 2010, at 8:25 AM, Mark Townsley wrote:
>>>>>
>>>>>> Let's err on the side of our ideals here. Publish
>>>>>> draft-ietf-v6ops-cpe-simple-security, but do so without
>>>>>> default-deny rules on by default. Let's not break end-to-end IPv6
>>>>>> before it even has a chance to grow up.
>>>>
>>>> Add another opinion to that.
>>>>
>>>> - have firewalling in there
>>>> - default to "end-to-end communication permitted"
>>>
>>> Yes to have the firewalling capabilities in CPE (reflective session
>>> state if you like)
>>> Yes to be default end-to-end communication permitted - but could be
>>> switched to default to deny by the end users, if he or she prefers
>>> NAT like behaviour.
>>>
>>> Best Regards,
>>>         Janos Mohacsi
>>>
>>>
>>
>>
>>

References:
- On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Mark Townsley <townsley@cisco.com>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Fred Baker <fred@cisco.com>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Gert Doering <gert@space.net>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Mohacsi Janos <mohacsi@niif.hu>
- Re: On saving end-to-end transparency
  - From: Rémi Després <remi.despres@free.fr>
- Re: On saving end-to-end transparency
  - From: Mohacsi Janos <mohacsi@niif.hu>

Prev by Date: Re: On saving end-to-end transparency
Next by Date: Re: On saving end-to-end transparency
Previous by thread: Re: On saving end-to-end transparency
Next by thread: Re: On saving end-to-end transparency
Index(es):
- Date
- Thread