Re: CPEs
On Jan 7, 2008, at 13:01, Christian Huitema wrote:
> In a "home" environment, and in fact in most SOHO environments,
> there is no "firewall administrator". You have at best the
> "reluctant administrator", i.e. the one family member charged with
> rebooting the router when it fails. This is the main difference
> between "managed" and "unmanaged" environments.
>
> In an unmanaged environment, you really cannot assume that the
> policy is decided by the firewall administrator. In practice, it is
> placed in the box by the firewall manufacturer, and mostly left
> untouched by the users. [...]

All quite true. It still doesn't change the fact that firewalls are
where policy is decided and enforced, and nodes should only be
required to notify firewalls of their application listeners, and
*not* to request permission for their applications to listen.

> So, if we assume that the firewalls will be closed by default, we
> can as well assume that there never will be any incoming TCP
> connection in the home.
>
> Now, that may be a fine assumption.

I don't believe for a second that UPnP IGD won't be extended to
support IPv6 filter control in addition to IPv4/NAT control. There
will be incoming TCP/IPv6 connections to the home environment just
like there are incoming TCP/IPv4/NAT connections today. The question
is whether there will be an IETF recommendation for how they will get
there over IPv6, or if IETF will continue to pretend like it isn't a
problem we should be thinking about — just like we have with the
IPv4/NAT case for lo these many years.
If IETF wants to embrace UPnP IGD for IPv6, then I would call that an
improvement over the status quo ante. Not very much of an improvement
— mind you — but it's Better Than Nothing. Let me ask this question
again to the whole group: does anyone know if UPnP Forum intends to
publish their specifications for IGD/IPv6 under terms that IETF can
accept as a standards track document? If so, when?
--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering