[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03

To: "'Brian E Carpenter'" <brian.e.carpenter@gmail.com>
Subject: RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
From: "Dan Wing" <dwing@cisco.com>
Date: Sun, 24 Aug 2008 22:23:02 -0700
Cc: "'Mark Smith'" <ipng@69706e6720323030352d30312d31340a.nosense.org>, <jhw@apple.com>, "'IPv6 Operations'" <v6ops@ops.ietf.org>
In-reply-to: <48B23391.1090503@gmail.com>
References: <20080824204553.08131c65.ipng@69706e6720323030352d30312d31340a.nosense.org> <48B1CCE8.1070305@gmail.com> <01af01c9065b$b4602440$c2f0200a@cisco.com> <48B23391.1090503@gmail.com>

> > You're saying that the Simple CPE Security document is not intended
> > to provide security, but rather intended to provide a way to receive
> > unsolicited IPv6 traffic through non-IPv6-capable SPs?
> 
> If a host behind the CPE chooses to set up an IPv6 tunnel to
> an IPv6-supporting ISP, I don't see that the tunnel is anybody's
> business but the host's. So yes, in that case I think the CPE
> should step back, because the host *is* soliciting incoming
> packets.

But in that case, the host behind the CPE initiated the 
communication to the tunnel.  For that to work, I do not
believe it requires the CPE to allow unsolicited *incoming* 
traffic from the Internet (as currently written in 
draft-ietf-v6ops-cpe-simple-security-03.txt R19, R20, and R21).

-d

Follow-Ups:
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

References:
- Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: "Dan Wing" <dwing@cisco.com>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

Prev by Date: Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
Next by Date: Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
Previous by thread: Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
Next by thread: Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
Index(es):
- Date
- Thread