[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simple security

To: Rémi Denis-Courmont <remi@remlab.net>
Subject: Re: simple security
From: Mark Townsley <townsley@cisco.com>
Date: Wed, 24 Mar 2010 16:19:51 +0100
Cc: Philip Homburg <pch-v6ops@u-1.phicoh.com>, v6ops@ops.ietf.org
In-reply-to: <201003241644.44652.remi@remlab.net>
References: <001501caca91$769511b0$63bf3510$@org> <4BA9F465.8060608@cisco.com> <m1NuQa9-0001dlC@stereo.hq.phicoh.net> <201003241644.44652.remi@remlab.net>
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3

On 3/24/10 3:44 PM, Rémi Denis-Courmont wrote:


To be fair, the firewall would have one positive effect: my device would not
need to wake up its radio interface when receiving bogus packets from the
Internet. Those packets would be dropped before they get to the air radio
interface. Personnally, I would in fact prefer firewall with hole punching
either to firewall without hole punching or to no firewall at all.

This use of a firewall is perfectly legitimate because it is the linkand interface itself that you are protecting. This is also illustrateshow the hole punching method of operation begins to look essentiallylike a distributed IP stack between two devices. Gosh, I wish we had one(and only one) of those hole-punching protocols ready to go at the timeof publishing this document.

Anyway, good technical point. Unfortunately, I don't see any discussionof this type in the current draft.


- Mark

References:
- simple security
  - From: "Lee Howard" <lee@asgard.org>
- Re: simple security
  - From: Mark Townsley <townsley@cisco.com>
- Re: simple security
  - From: Philip Homburg <pch-v6ops@u-1.phicoh.com>
- Re: simple security
  - From: "Rémi Denis-Courmont" <remi@remlab.net>

Prev by Date: Re: simple security
Next by Date: Re: On filibusters as a mode of technical discussion
Previous by thread: Re: simple security
Next by thread: Re: simple security
Index(es):
- Date
- Thread