[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CPE equipments and stateful filters

To: itojun@itojun.org (Jun-ichiro itojun Hagino)
Subject: Re: CPE equipments and stateful filters
From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
Date: Wed, 25 Jul 2007 07:31:24 +0930
Cc: v6ops@ops.ietf.org
In-reply-to: <20070723203122.171F7233CB@coconut.itojun.org>
References: <7844C0A2-2FEA-48B0-9A83-0D376FE41BC8@apple.com> <20070723203122.171F7233CB@coconut.itojun.org>

On Tue, 24 Jul 2007 05:31:22 +0900 (JST)
itojun@itojun.org (Jun-ichiro itojun Hagino) wrote:

> > On Jul 23, 2007, at 14:36, Jun-ichiro itojun Hagino wrote:
> > >
> > > otherwise your cellphone that have roamed into your home network,  
> > > and/or TiVo device, cannot be used from the outside.
> > 
> > Alas, my cellphone provider isn't particularly interested in letting  
> > my phone make and receive SIP calls over my home 802.11 wireless  
> > network routed to the Internet.  I fear you're pointing out a  
> > *feature*, not a bug.
> 
> 	well, your cellphone network provider may not, but nokia have
> 	already shipping phones with SIP and IPv6: E61 and those series.
> 	any comments from ericsson? :-)
> 

These Nokia models caused a bit of a buying spree where I work (a
smaller SP), with one of the main reasons being the Wifi/SIP
capabilities. The MD (one of the owners) has made his Wifi key at home
the same as the one in his area of the office, so moving between those
Wifi points is seemless for VoIP. Fortunately the organisation has
followed a host based firewall and application based authentication
model, so doing this isn't as much of a problem as if they'd followed
the hard shell, gooey centre firewall model.

I also found it a bit interesting that the host based firewalling /
application authentication model had been followed without it seeming
to be much of a conscious decision by the people who where there before
I started. Possibly because as the host/application based tools were
available when it was necessary to implement host/applicatiion
security, it then inherently became the obvious and better way to do it.

Assuming an appropriate level of security measures (e.g. matching Wifi
keys), being able to move between home and work networks easily with
something such as a Wifi/SIP enabled cell/mobile phone is something
that I think is important that we don't inhibit with any recommended
implementation models on CPE and stateful firewalls.

Regards,
Mark.

References:
- Re: CPE equipments and stateful filters
  - From: james woodyatt <jhw@apple.com>
- Re: CPE equipments and stateful filters
  - From: itojun@itojun.org (Jun-ichiro itojun Hagino)

Prev by Date: Re: [69ATTENDEES] DHCP
Next by Date: Re: Handling rogue RA feedback
Previous by thread: Re: CPE equipments and stateful filters
Next by thread: Re: CPE equipments and stateful filters
Index(es):
- Date
- Thread