teemu.savolainen@nokia.com (m/j/a) 8/27/08 12:46 PM:
I also support that remote control of packet filtering should be standardized. IMO, its scope should cover both:
- CPE control by hosts
- control of ISP provided filtering devices by customer sites.

I have to disagree. An ISP is not supposed to do filtering in the first place. Also, in real life, filtering by ISP is typically one of:
- NAT contingency, in which case it cannot be controlled directly,
- not meant to be controlled by the user (e.g. blocking SMTP, NetBIOS, or other protocols, spoof protection...)

In cellular environments filtering of the downlink garbage to increase battery lifetime of handhelds is an important function. However, if the firewall is there to save batteries and not to enforce any special policies, it might be more willing to be controlled?

I support this last point.

Indeed, if a cell phone would open just a few (address,port) couples, possibly none, for incoming connections, and would have this enforced by its service provider, it would be much better protected against battery exhaustion due to malevolent (address,port) scanning.

A protocol that at least achieves this level of protection is IMO needed.

Regards,
RD