[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-v6ops-ipv6-cpe-router-04

To: ipv6@ietf.org, IPv6 v6ops <v6ops@ops.ietf.org>
Subject: Re: draft-ietf-v6ops-ipv6-cpe-router-04
From: Mark Townsley <townsley@cisco.com>
Date: Fri, 26 Mar 2010 23:08:29 +0100
In-reply-to: <0FBE8CDC-EE01-48B3-A143-A26FAB3DBBF4@apple.com>
References: <!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5/+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAACInobc2K8lT7XDVmAN62sdAQAAAAA=@iname.com> <4BACC0C9.2080201@gmail.com> <750BF7861EBBE048B3E648B4BB6E8F4F124AFDA0@crexc50p> <03DB7B96-7A82-4D6E-9E9E-DB63798E1075@employees.org> <0FBE8CDC-EE01-48B3-A143-A26FAB3DBBF4@apple.com>
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3

On 3/26/10 6:33 PM, james woodyatt wrote:

[added V6OPS list]

On Mar 26, 2010, at 08:11, Ole Troan wrote:

Yeah, I think that after the bloody simple-security debates of the past
week, that many are amazed that anyone on this list was able to miss the
carnage. Anyway, the current CPE router draft has the following security
requirements in section 4.4:

  S-1:  The IPv6 CE router SHOULD support
        [I-D.ietf-v6ops-cpe-simple-security].

What does "support" mean?

I would like it to be very clear that "support" does not imply that itbe set to "transparent" or "non-transparent" mode by default, just thatthe functionality exist and be available to be turned on or off.


- Mark

  S-2:  The IPv6 CE router MUST support ingress filtering in accordance
        with [RFC2827](BCP 38)

The simple-security draft referenced in S-1 describes exactly what
you're asking for (IMO), only in much greater detail. So I think what
you're asking for is already in the cpe-router draft, and it would be a
good idea for you to look at the simple-security draft and provide
comments to it, if you think there's something missing.

indeed, apart from the fact that it does not/will not make any recommendation about default on or off.

If the editors of I-D.ietf-v6ops-ipv6-cpe-router would like to host the debate over whether or not to make such a recommendation, then that would make me very, very happy.  We could declare all such flames out of scope for the discussion to review I-D.ietf-v6ops-cpe-simple-security.  I might even consider bribing you with chocolates and fruit baskets if that would help.


--
james woodyatt<jhw@apple.com>
member of technical staff, communications engineering


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Follow-Ups:
- Re: draft-ietf-v6ops-ipv6-cpe-router-04
  - From: Ole Troan <otroan@employees.org>

References:
- Re: draft-ietf-v6ops-ipv6-cpe-router-04
  - From: james woodyatt <jhw@apple.com>

Prev by Date: I-D.ietf-v6ops-cpe-simple-security-10
Next by Date: Re: draft-ietf-v6ops-ipv6-cpe-router-04
Previous by thread: Re: draft-ietf-v6ops-ipv6-cpe-router-04
Next by thread: Re: draft-ietf-v6ops-ipv6-cpe-router-04
Index(es):
- Date
- Thread