[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BEHAVE] Re: CPE equipments and stateful filters

To: IPv6 Operations <v6ops@ops.ietf.org>, Behave WG <behave@ietf.org>
Subject: Re: [BEHAVE] Re: CPE equipments and stateful filters
From: james woodyatt <jhw@apple.com>
Date: Tue, 31 Jul 2007 12:08:21 -0700
In-reply-to: <07cc01c7d39a$c084c720$c5f0200a@amer.cisco.com>
References: <07cc01c7d39a$c084c720$c5f0200a@amer.cisco.com>

On Jul 31, 2007, at 10:46, Dan Wing wrote:

[ I wrote: ]
Neither of these two forms of traffic could reasonably bedescribed as "unsolicited" in this case.
We have different definitions of 'solicited traffic' and'unsolicited traffic'.


That seems to be the case.

What are your definitions?

I have a more human-centered view of what it means for traffic to besolicited: if a human network administrator is expecting the traffic,then any protocol or method initiated by an administrator for thepurpose of enabling an exception to the "denial by default" policy isan explicit solicitation.

For example, an HTTP or SMTP server could solicit inbound connectionsby sending an NSLP CREATE/EXT message to the appropriate NSISresponder. A more common scenario might be the case where an AppleFile Sharing (AFP) protocol server advertises a DNS-SD record withwide-area Bonjour™ and opens an IPv4/NAT translation for it with NAT-PMP.



--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

References:
- RE: [BEHAVE] Re: CPE equipments and stateful filters
  - From: "Dan Wing" <dwing@cisco.com>

Prev by Date: RE: [BEHAVE] Re: CPE equipments and stateful filters
Next by Date: RE: [BEHAVE] Re: CPE equipments and stateful filters
Previous by thread: RE: [BEHAVE] Re: CPE equipments and stateful filters
Next by thread: RE: [BEHAVE] Re: CPE equipments and stateful filters
Index(es):
- Date
- Thread