Re: draft-ietf-v6ops-cpe-simple-security-12.txt feedback
On Jul 28, 2010, at 01:00, Toerless Eckert wrote:
>
> Not quite sure what you mean. I would like applications meant to be written
> for home/SMB networks to be written to use at most site-local IPv6 multicast
> group address scopes.
That's not in the ambit of the draft.
The draft recommends a DEFAULT multicast scope boundary of organization-local because we think it will be very rare for a subscriber and their service provider to be separate sites within the *same* organization, and moreover, we do not think that the DEFAULT should be set so that subscribers are all expected to be within the same organization unless they actively take steps to separate themselves by reconfiguring the multicast scope boundary.
Setting the DEFAULT multicast scope boundary to site-local, instead of organization-local, would be profoundly wrong-headed. I would object vigorously to making the change to the draft you propose.
> When such an application is then put into an
> enterprise network it is most likely to work comparably because it will
> be constrained to a site of the enterprise, like an office, which although
> usually larger in size than today's home networks, will still be sufficiently
> small in size to make ASM application fairly well workable.
I get that you're worried about application developers who are unsure what multicast scope to use, and who might see this document and mistakenly think, "Hey! I better use organization-local scope so I get the widest distribution possible in home networks without extending beyond residential gateway." But those application developers are A) mistaken, B) not our problem, and C) unsolvable.
Any developer who uses organization-local multicast scope when they really mean to use site-local, or vice-versa, is just plain wrong. If a routed internetwork at a residential subscriber contains site-local multicast scope boundaries, then we must assume the subscriber put them there for a reason. We also have to expect that developers who are careless about choosing the right multicast scope will be corrected by other mechanisms than the functions of IPv6 CPE Simple Security.
> I am not sure where the expectation was raised that applications for
> home networks/SMB should default to Organizational-Local scope.
I don't know where you acquired that expectation either. It's certainly not in the draft.
--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering