draft-ietf-v6ops-cpe-simple-security-12 - default behavior

[Rémi Després <remi.despres@free.fr>]

Hi, James and Fred,

The mail below apparently didn't receive much attention.
Yet, the subject is IMHO important.
We all recognized in Anaheim that, concerning IPv6, some people prefer NAT44-like filtering to e2e transparency, and some other people prefer e2e transparency.
The consensus as I remember it was that vendors would be free to choose the default behavior one way or another.

In my understanding, the proposed wording below (or something equivalent) would express more accurately that consensus.

Regards,
RD


Début du message réexpédié :

> De : Rémi Després <remi.despres@free.fr>
> Date : 22 juin 2010 15:28:53 HAEC
> À : James Woodyatt <jhw@apple.com>
> Cc : IPv6 v6ops <v6ops@ops.ietf.org>
> Objet : Rép : I-D Action:draft-ietf-v6ops-cpe-simple-security-11.txt 
> 
> Hi, James,
> 
> The current REC 43 says:
> 
> -"Gateways MUST provide an easily selected configuration option
>  that permits a "transparent mode" of operation that forwards
>  all unsolicited flows regardless of forwarding direction,
>  i.e. to disable the IPv6 simple security capabilities of the
>  gateway."
> 
> This seems to imply that, if a CPE supports the default simple security, it should have it enabled by default. 
> In my understanding of what was agreed, each manufacturer would decide whether the default configuration would be "transparent mode" or not.
> 
> To reflect this, REC 43 could, for example, be:
> -"Gateways that support simple security MUST  provide an easily selected configuration option that, if the default configuration has simple security enabled, permits a "transparent mode" of operation that forwards all unsolicited flows regardless of forwarding direction, or that, if the default configuration has "transparent mode" enabled, enables the filtering of unsolicited incoming flows." 
> 
> Regards,
> RD
> 
> 
>