[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CPE equipments and stateful filters

To: james woodyatt <jhw@apple.com>
Subject: Re: CPE equipments and stateful filters
From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
Date: Fri, 27 Jul 2007 08:32:44 +0930
Cc: IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <C79BDA14-94AD-490E-9E03-730C8301CA1B@apple.com>
References: <20070723193610.70736233CB@coconut.itojun.org> <46A53E32.1010902@gmail.com> <95A6089B-9014-4866-AFBB-5E72A6FE15D7@muada.com> <C79BDA14-94AD-490E-9E03-730C8301CA1B@apple.com>

On Tue, 24 Jul 2007 13:20:10 -0500
james woodyatt <jhw@apple.com> wrote:

> On Jul 24, 2007, at 11:24, Iljitsch van Beijnum wrote:
> >
> > At this point, it looks like the best option is to have an  
> > extremely light-weight protocol that allows OSes (applications?) to  
> > open up these filters that are going to be present in default  
> > configurations so that only hosts that feel they're secure get  
> > unfiltered access to the network while other stuff is prevented  
> > from shooting itself in the foot.
> 
> The obvious rebuttal (which, in my mind, always comes with a middle- 
> class English accent from my having heard something like it over and  
> over again from Stuart Cheshire) is this:
> 
> 	Devices that aren't secure enough for unfiltered access to
> 	and from the public Internet SHOULD NOT be accepting router
> 	advertisements for globally reachable IPv6 prefixes.
> 
> 	Sheltering them with stateful packet filters at network
> 	gateways removes the incentive for their engineers to
> 	consider network security with an appropriate level of
> 	seriousness, which leads to more problems than the packet
> 	filters are intended to (or capable of) solving.
> 
> 	We made this mistake with IPv4 for reasons that make sense
> 	only in their historical context.  There is no reason to
> 	insist on making this mistake again with IPv6.
> 
> This is hinting toward the philosophical matters I think underlie  
> this debate.  I'm working on a more polished argument for striking an  
> acceptable compromise.
> 

(You might imagine me saying this with my Australian accent) I agree
with this completely, except that I don't think we can even assume that
the domain where ULAs might be assigned is secure and trustworthy
enough these days. I think commodity Wifi in residences has probably
put an end to that assumption being mostly true, as it was in the past
with wired infrastructure. 

If we're focusing implementing security at layer 3 and above, what
assumptions are we making about the security of layer 2, and are they
appropriate assumptions to be making?

Assuming Wifi is probably going to be, if it isn't already, the most
popular way of creating a network inside a residence, does anybody know
of any citable formal studies measuring how well Wifi security has been
configured in residential areas ?

Crikey! He almost got me that time! That would have stung a bit!

Regards,
Mark.

Follow-Ups:
- Re: CPE equipments and stateful filters
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: CPE equipments and stateful filters
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

References:
- CPE equipments and stateful filters
  - From: itojun@itojun.org (Jun-ichiro itojun Hagino)
- Re: CPE equipments and stateful filters
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: CPE equipments and stateful filters
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: CPE equipments and stateful filters
  - From: james woodyatt <jhw@apple.com>

Prev by Date: Re: Distributing site-wide RFC 3484 policy
Next by Date: Re: CPE equipments and stateful filters
Previous by thread: Re: CPE equipments and stateful filters
Next by thread: Re: CPE equipments and stateful filters
Index(es):
- Date
- Thread