Eee! No! I disagree completely. It is clear to me that there is no consensus within the IETF as to what such a default will be. I don’t see this changing. Therefore, there should be no default recommendation in either simple-security or cpe-router. Vendors and service providers are perfectly capable of deciding for themselves what default they want. If the IETF did manage to make a recommendation, I suspect that probably half of the vendors and service providers would choose to ignore that recommendation, no matter which way it went. Default enabled/disabled needs to be completely and totally out of scope for both documents.

As for the sentence that Ole recommended adding (“Enabling or disabling this functionality MUST be user configurable.”), that is (IMO) completely redundant with text that already exists inside simple-security:

REC-41: Gateways MUST provide an easily selected configuration option that permits a "transparent mode" of operation that forwards all unsolicited flows regardless of forwarding direction, i.e. to disable the IPv6 simple security capabilities of the gateway.

Therefore, the additional sentence is unnecessary. Support means support. In general, the more words that get added to try to restate the same thing, over and over again, because you’re worried people might not interpret the first set of words per your intent, the more likely it is that you will confuse people and cause them to misinterpret your intent. To me, the original text is simple, concise, and says exactly what it needs to say.

Barbara

<snip>
Mark also commented on what does one mean by "support" in his email. But now the bullet seems to need more work because as soon as one says a feature is configurable, the next question others will ask is, "well, what's the default"?
So here is a little more modified text suggestion from me for the relevant bullet.

S-1: The IPv6 CE router SHOULD implement [I-D.ietf-v6ops-cpe-simple-security]. Enabling or disabling the security functionality MUST be user configurable. The default for whether simple security is enabled or disabled is specified in [I-D.ietf-v6ops-cpe-simple-security].

So now we have a single source to reference our bullet's properties from; the source being the I-D.ietf-v6ops-cpe-simple-security. Now it's up to v6ops as a WG to nail down which of enabled or disabled is the default in the I-D.ietf-v6ops-cpe-simple-security document.

Hemant
</snip>