[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: raw thoughts on v6 firewalls

To: Rod.VanMeter@nokia.com
Subject: RE: raw thoughts on v6 firewalls
From: Pekka Savola <pekkas@netcore.fi>
Date: Thu, 19 Sep 2002 23:41:09 +0300 (EEST)
Cc: v6ops@ops.ietf.org
Delivery-date: Thu, 19 Sep 2002 13:41:37 -0700
Envelope-to: v6ops-data@psg.com

On Wed, 18 Sep 2002 Rod.VanMeter@nokia.com wrote:
> Unless I'm suffering total brain failure (never out of
> the question), every extension header is supposed to have
> the length in the same place, and one use is exactly that
> reason.

Not really, see other messages.

> Pekka, are there other v6-specific firewall issues, and is this
> the right place to discuss them?

Yes, but that is the most major issue (the same applies to some specific 
destination options too).

Others, not necessarily all IPv6-specific:

 - peer2peer recognition allow/disallow mechanism
 - need to be able to, in some cases, to be able to parse routing header 
or home-address option contents
 - the role of firewall in the presence of ESP-encrypted traffic

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

Prev by Date: Re: unmanaged solutions comments
Next by Date: Re: unmanaged solutions comments
Previous by thread: RE: raw thoughts on v6 firewalls
Next by thread: Re: raw thoughts on v6 firewalls
Index(es):
- Date
- Thread