
Re: draft-ietf-v6ops-cpe-simple-security-06



On Jun 26, 2009, at 07:08, Rémi Després wrote:

After reading draft-ietf-v6ops-cpe-simple-security-05, I am convinced that an even lower security level is worth adding to the draft.
[...]
Thoughts?

Let me begin by saying that I have no objection whatever to the proposal of lowering the level of security provided by the "simple security" function we're trying to document in this draft. Writing here as an individual IETF contributor, i.e. without my editor hat, I have always opposed this simple security function for a variety of reasons that don't bear repeating in this thread. My preference is for no default stateful filtering function in simple residential gateways.

All that said, however, I don't see how any "lower level of security" than described here is compatible with the level recommended in RFC 4864, which was the starting point for this work. If we're going to diverge from that baseline, then I'd expect that work would have to be the subject of an rfc4864bis draft, or at least a draft marked as an Update to RFC 4864, which this draft is most definitely not. At least, not yet.

Shorter james: I have no technical objection to the proposal, but my editorial judgment is that it isn't appropriate to make it an amendment to this draft.


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering