[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6-PMP?

To: Christian Huitema <huitema@windows.microsoft.com>
Subject: Re: IPv6-PMP?
From: Thomas Narten <narten@us.ibm.com>
Date: Thu, 12 Apr 2007 22:08:30 -0400
Cc: james woodyatt <jhw@apple.com>, v6ops@ops.ietf.org
In-reply-to: <70C6EFCDFC8AAD418EF7063CD132D06404352E36@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com>
References: <E1H56s6-0007us-HB@stiedprstage1.ietf.org> <200704111052.05934@auguste.remlab.net> <F26D69F6-8BEE-4D3D-A5B4-C730E9975DA1@apple.com> <200704112214.30985@auguste.remlab.net> <F65A3EA3-3E07-4C63-A4FF-C94832D556FC@apple.com> <70C6EFCDFC8AAD418EF7063CD132D06404352E36@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com>

> In any case, the BEHAVE working group is chartered to deal with this
> issue, and would be a better place for the discussion.

Is it? Seems to me the IETF has historically shied away from firewall
configuration and recommendation issues.

Consider for instance the recent draft NIST IPv6 profiles
(http://www.antd.nist.gov/usgv6-v1-comments.html). They had to make up
their own "Network Protection Device" profile because there wasn't
anything from the IETF they could cite.

Given that reality that home gateways sitting on broadband links
_will_ have firewalls in them, and they _will_ be enabled by default,
maybe we should (even at this late date) try to rectify things for
IPv6.

As much as I am no fan of NAT, NAT is made even worse by the lack of
standards and predictability in what has been deployed.

Will we see the same with firewalls? This is an important question,
given that a premise of IPv6 is to restore end-to-end addressing. We
won't see that if firewalls effectively block all inbound connections
by default.

Thomas

Follow-Ups:
- Re: IPv6-PMP?
  - From: james woodyatt <jhw@apple.com>
- Re: IPv6-PMP?
  - From: james woodyatt <jhw@apple.com>

References:
- I-D ACTION:draft-ietf-v6ops-nap-06.txt
  - From: Internet-Drafts@ietf.org
- Re: IPv6-PMP?
  - From: Rémi Denis-Courmont <rdenis@simphalempin.com>
- Re: IPv6-PMP?
  - From: james woodyatt <jhw@apple.com>
- Re: IPv6-PMP?
  - From: Rémi Denis-Courmont <rdenis@simphalempin.com>
- Re: IPv6-PMP?
  - From: james woodyatt <jhw@apple.com>
- RE: IPv6-PMP?
  - From: Christian Huitema <huitema@windows.microsoft.com>

Prev by Date: common issues in BEHAVE and V6OPS
Next by Date: Re: IPv6-PMP?
Previous by thread: Re: IPv6-PMP?
Next by thread: Re: IPv6-PMP?
Index(es):
- Date
- Thread