[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On saving end-to-end transparency

To: Mohacsi Janos <mohacsi@niif.hu>
Subject: Re: On saving end-to-end transparency
From: Mark Townsley <townsley@cisco.com>
Date: Tue, 23 Mar 2010 17:42:27 +0100
Cc: Rémi Després <remi.despres@free.fr>, IPv6 v6ops <v6ops@ops.ietf.org>, Gert Doering <gert@space.net>, Fred Baker <fred@cisco.com>
In-reply-to: <alpine.BSF.2.00.1003231614360.74067@mignon.ki.iif.hu>
References: <4BA78BE7.6010005@cisco.com> <D543E465-CC85-4F2E-B794-A7B457AA0D28@cisco.com> <20100322160911.GU69383@Space.Net> <alpine.BSF.2.00.1003231426310.74067@mignon.ki.iif.hu> <F6008F79-C5C1-4DA9-8E52-94AB8A80DAB8@free.fr> <alpine.BSF.2.00.1003231614360.74067@mignon.ki.iif.hu>
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3

On 3/23/10 4:21 PM, Mohacsi Janos wrote:

For information: the IPv6 we have here is WITHOUT any filter(confirmed by the IETF NOC).
Does anyone report a security problem ;-) ?
Are there any possiblity to report security problems? You know, IETFfolks are more technically competent than the average home users. Theyknow what they are doing on their computers.

You give us *way* more credit than we deserve :-)

- Mark


I think there is still some needs to hide home network devices:
- no longer supported but know to be vulnerable devices, servers
- devices without access control
- etc.

Best Regards,
        Janos Mohacsi
Le 23 mars 2010 ? 06:32, Mohacsi Janos a écrit :
On Mon, 22 Mar 2010, Gert Doering wrote:
Hi,

On Mon, Mar 22, 2010 at 08:32:38AM -0700, Fred Baker wrote:
That will have to be a working group decision. We have youropinion on the record.
On Mar 22, 2010, at 8:25 AM, Mark Townsley wrote:
Let's err on the side of our ideals here. Publishdraft-ietf-v6ops-cpe-simple-security, but do so withoutdefault-deny rules on by default. Let's not break end-to-end IPv6before it even has a chance to grow up.
Add another opinion to that.

- have firewalling in there
- default to "end-to-end communication permitted"
Yes to have the firewalling capabilities in CPE (reflective sessionstate if you like)Yes to be default end-to-end communication permitted - but could beswitched to default to deny by the end users, if he or she prefersNAT like behaviour.
Best Regards,
        Janos Mohacsi

References:
- On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Mark Townsley <townsley@cisco.com>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Fred Baker <fred@cisco.com>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Gert Doering <gert@space.net>
- Re: On saving end-to-end transparency (was: Re: I-D.ietf-v6ops-cpe-simple-security-09)
  - From: Mohacsi Janos <mohacsi@niif.hu>
- Re: On saving end-to-end transparency
  - From: Rémi Després <remi.despres@free.fr>
- Re: On saving end-to-end transparency
  - From: Mohacsi Janos <mohacsi@niif.hu>

Prev by Date: On filibusters as a mode of technical discussion
Next by Date: Re: simple security
Previous by thread: Re: On saving end-to-end transparency
Next by thread: Re: On saving end-to-end transparency
Index(es):
- Date
- Thread