Re: draft-ietf-v6ops-ipv6-cpe-router-04

[james woodyatt <jhw@apple.com>]

[added V6OPS list]

On Mar 26, 2010, at 08:11, Ole Troan wrote:

>> Yeah, I think that after the bloody simple-security debates of the past
>> week, that many are amazed that anyone on this list was able to miss the
>> carnage. Anyway, the current CPE router draft has the following security
>> requirements in section 4.4:
>> 
>>  S-1:  The IPv6 CE router SHOULD support
>>        [I-D.ietf-v6ops-cpe-simple-security].
>> 
>>  S-2:  The IPv6 CE router MUST support ingress filtering in accordance
>>        with [RFC2827](BCP 38)
>> 
>> The simple-security draft referenced in S-1 describes exactly what
>> you're asking for (IMO), only in much greater detail. So I think what
>> you're asking for is already in the cpe-router draft, and it would be a
>> good idea for you to look at the simple-security draft and provide
>> comments to it, if you think there's something missing. 
> 
> indeed, apart from the fact that it does not/will not make any recommendation about default on or off.

If the editors of I-D.ietf-v6ops-ipv6-cpe-router would like to host the debate over whether or not to make such a recommendation, then that would make me very, very happy.  We could declare all such flames out of scope for the discussion to review I-D.ietf-v6ops-cpe-simple-security.  I might even consider bribing you with chocolates and fruit baskets if that would help.


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering