Re: On filibusters as a mode of technical discussion
On Wed, Mar 24, 2010 at 11:49:14AM +0000, Nick Hilliard wrote:
> On 24/03/2010 09:48, bmanning@vacation.karoshi.com wrote:
> > if i may, if this draft was commissioned (by whom?) then it seems
> > prudent to also have a draft to describe a simple, stateful
> > default-accept firewall if only to provide a balanced choice. Otherwise
> > we (the IETF) end up with only a single choice defined and after all, if
> > there is only a single choice, what choice is there?
>
> On this basis, could I suggest you rewrite the entire body of RFCs to
> include balanced choices where relevant? E.g. we could have a BGP which by
> default wouldn't exchange any prefixes unless the
> PLEASE_EXCHANGE_PREFIXES_NO_REALLY capability was negotiated. Or we have a
> TCP protocol which gave the option of not being able to transfer any data
> whatever (hey, don't criticise those people who don't want to transfer data
> - they have a legitimate point). We could have an MPLS which came with the
> default option of forwarding tags to random next-hops, and a DNS
> specification which defaulted to answering NXDOMAIN to everything. All
> balanced choices, and all as useful as providing a recommendation for
> default-accept stateful CPE firewalls.
>
> Folks, can we apply the slightest shred of common sense to this discussion?
>
> Nick
Nick, that is silly. There is precedent here for publishing two
variants; e.g. ISIS and OSPF. As Fred pointed out, there are two
camps, one which is passionate about default-deny as a means to
protect the great unwashed from bad things, and the other which
sees default-deny as a capstone to stifle innovation and advancement.
Personally, I have tools to run an IPsec VPN through both DNS and
HTTP, so I don't really care if the IETF decides to lock down and
discard any traffic not on port 53 or port 80. GoGo DPI!!!
But I'd rather see a wider field open for innovation and development
than stuffing everything into HTTP or DNS. Just my 0.02 though.
My point being made... I respect Fred's closing of the virtual mic.
--bill