Re: I-D Action:draft-ietf-v6ops-cpe-simple-security-11.txt

[Rémi Després <remi.despres@free.fr>]

Hi, James,

The current REC 43 says:

-"Gateways MUST provide an easily selected configuration option
  that permits a "transparent mode" of operation that forwards
  all unsolicited flows regardless of forwarding direction,
  i.e. to disable the IPv6 simple security capabilities of the
  gateway."

This seems to imply that, if a CPE supports the default simple security, it should have it enabled by default. 
In my understanding of what was agreed, each manufacturer would decide whether the default configuration would be "transparent mode" or not.

To reflect this, REC 43 could, for example, be:
-"Gateways that support simple security MUST  provide an easily selected configuration option that, if the default configuration has simple security enabled, permits a "transparent mode" of operation that forwards all unsolicited flows regardless of forwarding direction, or that, if the default configuration has "transparent mode" enabled, enables the filtering of unsolicited incoming flows." 

Regards,
RD