Re: Security of devices other than the Gateway (was Re: simple security)

[Roman.Arcea@orange.md]

> I don't really see an incentive for device engineers to put proper security

> into "dumb" devices if there is no spec - they are used to letting

> the "magic of NAT" take care of this.

>

>Agreed. If the applications (or devices built for a specific

>application) were a bit more aware of the scooping of an IPv6 address,

>perhaps they could use this for better security, not to mention ease of

>use.

As in the simple-security the SOHO users are concerned, could it make sense to give them the opportunity to define the scope of both the CPE and the end user equipment?

In case of NAS, considering that some sort of initial config might be needed, a Home Mode vs Internet Mode might make sense.

The same thing with the CPE, a dropdown with Home Mode (to connect NAS devices for example), Internet Protected Mode (for those who want simple security), Internet Unprotected Mode (for no security), under each wire port could make the feature easy to market.
It is a little bit more complex with wireless connectivity in the CPE alone as it would require the user to somehow define the device scope manually, which is not the way things should work. I could think about using different SSIDs but that does not sound smooth either.

Roman