[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CPEs

To: IPv6 Operations <v6ops@ops.ietf.org>
Subject: Re: CPEs
From: james woodyatt <jhw@apple.com>
Date: Mon, 7 Jan 2008 14:43:10 -0800
In-reply-to: <AFE0AC8DCDE68842B94E8EC69D5F21D635EB1205AF@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com>
References: <58BFC685-DA33-418A-A37A-9075509987D4@muada.com> <200801071811.41399.rdenis@simphalempin.com> <215B974E-E931-4B8E-BD45-63DA8430F40D@apple.com> <AFE0AC8DCDE68842B94E8EC69D5F21D635EB1205AF@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com>

On Jan 7, 2008, at 13:01, Christian Huitema wrote:

In a "home" environment, and in fact in most SOHO environments,there is no "firewall administrator". You have at best the"reluctant administrator", i.e. the one family member charged withrebooting the router when it fails. This is the main differencebetween "managed" and "unmanaged" environments.
In an unmanaged environment, you really cannot assume that thepolicy is decided by the firewall administrator. In practice, it isplaced in the box by the firewall manufacturer, and mostly leftuntouched by the users. [...]

All quite true. It still doesn't change the fact that firewalls arewhere policy is decided and enforced, and nodes should only berequired to notify firewalls of their application listeners, and*not* to request permission for their applications to listen.

So, if we assume that the firewalls will be closed by default, wecan as well assume that there never will be any incoming TCPconnection in the home.
Now, that may be a fine assumption.

I don't believe for a second that UPnP IGD won't be extended tosupport IPv6 filter control in addition to IPv4/NAT control. Therewill be incoming TCP/IPv6 connections to the home environment justlike there are incoming TCP/IPv4/NAT connections today. The questionis whether there will be an IETF recommendation for how they will getthere over IPv6, or if IETF will continue to pretend like it isn't aproblem we should be thinking about— just like we have with the IPv4/NAT case for lo these many years.

If IETF wants to embrace UPnP IGD for IPv6, then I would call that animprovement over the status quo ante. Not very much of an improvement— mind you—but it's Better Than Nothing. Let me ask this questionagain to the whole group: does anyone know if UPnP Forum intends topublish their specifications for IGD/IPv6 under terms that IETF canaccept as a standards track document? If so, when?


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

Follow-Ups:
- Re: CPEs
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

References:
- CPEs
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: CPEs
  - From: Rémi Denis-Courmont <rdenis@simphalempin.com>
- Re: CPEs
  - From: james woodyatt <jhw@apple.com>
- RE: CPEs
  - From: Christian Huitema <huitema@windows.microsoft.com>

Prev by Date: Re: CPEs
Next by Date: RE: ipv6experiment.com progress update / mailing list
Previous by thread: RE: CPEs
Next by thread: Re: CPEs
Index(es):
- Date
- Thread