Re: IPv6-PMP?

[james woodyatt <jhw@apple.com>]

On Apr 12, 2007, at 19:08, Thomas Narten wrote:
> Will we see the same with firewalls? This is an important question,  
> given that a premise of IPv6 is to restore end-to-end addressing.  
> We won't see that if firewalls effectively block all inbound  
> connections by default.

Is now a good time to suggest that perhaps one of the currently  
reserved bits in the ICMPv6 router advertisement should be consumed  
now to signal to nodes that the advertising router comprises a  
network policy enforcement point?  I see that draft-ietf-ipv6-2461bis  
is already in the RFC Editor's queue, but perhaps it could be yanked  
out and subjected to further revision.  If we do this, then nodes  
could at least know that inbound flow initiations might be  
administratively prohibited.  It would also clearly mark any routers  
that enforce policy without setting the "policy enforcement" bit in  
their router advertisements as non-compliant with the IPv6 standard.


--
j h woodyatt <jhw@apple.com>