[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
On 2008-08-25 17:23, Dan Wing wrote:
>>> You're saying that the Simple CPE Security document is not intended
>>> to provide security, but rather intended to provide a way to receive
>>> unsolicited IPv6 traffic through non-IPv6-capable SPs?
>> If a host behind the CPE chooses to set up an IPv6 tunnel to
>> an IPv6-supporting ISP, I don't see that the tunnel is anybody's
>> business but the host's. So yes, in that case I think the CPE
>> should step back, because the host *is* soliciting incoming
>> packets.
>
> But in that case, the host behind the CPE initiated the
> communication to the tunnel. For that to work, I do not
> believe it requires the CPE to allow unsolicited *incoming*
> traffic from the Internet (as currently written in
> draft-ietf-v6ops-cpe-simple-security-03.txt R19, R20, and R21).
How does it know that a Protocol 41 packet is unsolicited?
An IPv4 router takes no part in IPv6 tunnel setup. Either it
allows Protocol 41 or it doesn't, as far as I can see.
Note, I'm not talking about *-in-IPv6 tunnels.
Brian