[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03



On Wed, 27 Aug 2008 13:46:34 +0300, <teemu.savolainen@nokia.com> wrote:

> In cellular environments filtering of the downlink carbage to increase

> battery lifetime of handhelds is an important function.



> However, if the firewall is there to save batteries and not to enforce

any

> special policies, it might be more willing to be controlled?



Hmm, that's right. I assume in most cases, statefull firewall is used

however, with its advantage (it does not need any new signaling protocol)

and its well-known limitations.



I just fear that "cross-domain" control brings intractable security vs

deployment constraints onto the control protocol. I hope we can stick to

simple return-routability checks for ALD or whatever it turns into. If you

ask me, this protocol is dead on arrival if it requires x509 or another

strong authentication mechanism, that breaks the "zeroconf" property of ALD

as it currently is specified.



-- 

Rémi Denis-Courmont