
Re: CPEs

On Jan 7, 2008, at 13:01, Christian Huitema wrote:

> In a "home" environment, and in fact in most SOHO environments, there is no "firewall administrator". You have at best the "reluctant administrator", i.e. the one family member charged with rebooting the router when it fails. This is the main difference between "managed" and "unmanaged" environments.
>
> In an unmanaged environment, you really cannot assume that the policy is decided by the firewall administrator. In practice, it is placed in the box by the firewall manufacturer, and mostly left untouched by the users. [...]

All quite true. It still doesn't change the fact that firewalls are where policy is decided and enforced, and nodes should only be required to notify firewalls of their application listeners, and *not* to request permission for their applications to listen.

> So, if we assume that the firewalls will be closed by default, we can as well assume that there never will be any incoming TCP connection in the home.
>
> Now, that may be a fine assumption.

I don't believe for a second that UPnP IGD won't be extended to support IPv6 filter control in addition to IPv4/NAT control. There will be incoming TCP/IPv6 connections to the home environment just like there are incoming TCP/IPv4/NAT connections today. The question is whether there will be an IETF recommendation for how they will get there over IPv6, or if IETF will continue to pretend it isn't a problem we should be thinking about — just like we have with the IPv4/NAT case for lo these many years.

If IETF wants to embrace UPnP IGD for IPv6, then I would call that an improvement over the status quo ante. Not very much of an improvement — mind you — but it's Better Than Nothing. Let me ask this question again to the whole group: does anyone know if UPnP Forum intends to publish their specifications for IGD/IPv6 under terms that IETF can accept as a standards track document? If so, when?


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering