
Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03



On Wed, 27 Aug 2008 10:06:40 +0200, Rémi Després <remi.despres@free.fr> wrote:

> Brian E Carpenter   (m/j/a) 8/26/08 2:57 AM:
>> On 2008-08-26 12:11, Dan Wing wrote:
>>> Brian E Carpenter wrote:
>>>> But blocking tunnels by default, although it's simple, also
>>>> blocks innovation. That worries me.
>>> Would your worry go away if the IETF initiated a standards effort
>>> around something like Apple's ALD (draft-woodyatt-ald-03.txt)?
>>
>> I believe that something like that is needed.



Me too.



> I also support that remote control of packet filtering should be
> standardized.
>
> IMO, its scope should cover both:
> - CPE control by hosts
> - control of ISP provided filtering devices by customer sites.



I have to disagree. An ISP is not supposed to do filtering in the first
place.



Also, in real life, filtering by ISP is typically one of:
- NAT contingency, in which case it cannot be controlled directly,
- not meant to be controlled by the user
  (e.g. blocking SMTP, NetBIOS, or other protocols, spoof protection...)



I dare stress that NAT control is _not_ the same thing as filtering
control.



-- 
Rémi Denis-Courmont