Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03



On Aug 27, 2008, at 01:06, Rémi Després wrote:
Brian E Carpenter   (m/j/a) 8/26/08 2:57 AM:
On 2008-08-26 12:11, Dan Wing wrote:
Brian E Carpenter wrote:
But blocking tunnels by default, although it's simple, also
blocks innovation. That worries me.
Would your worry go away if the IETF initiated a standards effort around
something like Apple's ALD (draft-woodyatt-ald-03.txt)?
I believe that something like that is needed.

I also support that remote control of packet filtering should be standardized.

IMO, its scope should cover both:
- CPE control by hosts
- control of ISP provided filtering devices by customer sites.


I must chime in here and repeat for the record that ALD is most emphatically NOT a protocol for enabling hosts to control filtering devices. I took Great Pains to specify it as a protocol for filtering devices to learn about interior applications that are soliciting inbound traffic from arbitrary exterior nodes regardless of their remote address.

Please please please I am VERY resistant to positioning ALD as a method for nodes to use in "controlling" firewall devices.


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering