[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
On Wed, 27 Aug 2008 13:46:34 +0300, <teemu.savolainen@nokia.com> wrote:
> In cellular environments filtering of the downlink carbage to increase
> battery lifetime of handhelds is an important function.
> However, if the firewall is there to save batteries and not to enforce
any
> special policies, it might be more willing to be controlled?
Hmm, that's right. I assume in most cases, statefull firewall is used
however, with its advantage (it does not need any new signaling protocol)
and its well-known limitations.
I just fear that "cross-domain" control brings intractable security vs
deployment constraints onto the control protocol. I hope we can stick to
simple return-routability checks for ALD or whatever it turns into. If you
ask me, this protocol is dead on arrival if it requires x509 or another
strong authentication mechanism, that breaks the "zeroconf" property of ALD
as it currently is specified.
--
Rémi Denis-Courmont