Re: CPE equipments and stateful filters
On Jul 24, 2007, at 11:24, Iljitsch van Beijnum wrote:
> At this point, it looks like the best option is to have an
> extremely light-weight protocol that allows OSes (applications?) to
> open up these filters that are going to be present in default
> configurations so that only hosts that feel they're secure get
> unfiltered access to the network while other stuff is prevented
> from shooting itself in the foot.
The obvious rebuttal (which, in my mind, always comes with a middle-
class English accent from my having heard something like it over and
over again from Stuart Cheshire) is this:
    Devices that aren't secure enough for unfiltered access to
    and from the public Internet SHOULD NOT be accepting router
    advertisements for globally reachable IPv6 prefixes.

    Sheltering them with stateful packet filters at network
    gateways removes the incentive for their engineers to
    consider network security with an appropriate level of
    seriousness, which leads to more problems than the packet
    filters are intended to (or capable of) solving.

    We made this mistake with IPv4 for reasons that make sense
    only in their historical context. There is no reason to
    insist on making this mistake again with IPv6.
This is hinting toward the philosophical matters I think underlie
this debate. I'm working on a more polished argument for striking an
acceptable compromise.
--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering