Jeroen Massar wrote:
Jun-ichiro itojun Hagino wrote:
on CPE equipments and stateful filters.
[..]
i do not disagree with "we need stateful filter implementations". but i suggest that we need to be REAL careful about the default settings. otherwise your cellphone that has roamed into your home network, and/or TiVo device, cannot be used from the outside. (i dislike UPnP, yeah)
I am actually starting to believe that we really need a secure protocol à la UPnP for requesting 'privileges' for sending packets over a network border, current NAT boxes/gateways.
So who do we ask for these privileges?
The OS? Well that already has veto privileges, and as past history shows it's easily circumvented.
The end user's CPE? A dinky little device with no real UI other than perhaps a web server and no way to beg for extra help. (What's it going to do? Blink a light at me to say it doesn't like something? Besides it's locked in a cupboard, do I have to walk to the other end of the house to see if it's unhappy?)
The end user's CPE could ask the ISP. Is the ISP really going to want to take the responsibility of authorising every single transaction on the Internet? Are they going to be in a position to understand what the user's trying to achieve?
The remote user's firewall? Goodness knows what this is supposed to do, and already has power of veto with firewalling.
I still don't see the point in any of this stuff.