It pains me to advocate *less* security than Iljitsch, but yes, this should be done from the host, and no, there is no reasonable way to establish trust between the host and the CPE router in a home environment. So the (default) protocol will likely be unauthenticated. Let's just make sure the protocol is NOT HTTP-based, because there've been attacks on UPNP where the host is "convinced" to open a pinhole in the router. These attacks are a variant of cross-site scripting, and here's a link: http://blogs.zdnet.com/soho-networking/?p=120.

Thanks,
Yaron

> -----Original Message-----
> From: owner-v6ops@ops.ietf.org [mailto:owner-v6ops@ops.ietf.org] On Behalf
> Of Iljitsch van Beijnum
> Sent: Tuesday, July 28, 2009 16:25
> To: james woodyatt
> Cc: IPv6 Operations
> Subject: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
>
> On 28 jul 2009, at 9:26, james woodyatt wrote:
>
> > I intend to query the meeting participants this afternoon about a
> > remaining open item that arose during the last WGLC. That item is
> > the question over whether recommendation R41 should be removed.
>
> > R41: Gateways SHOULD implement a protocol to permit applications to
> > solicit inbound traffic without advance knowledge of the addresses of
> > exterior nodes with which they expect to communicate. If
> > implemented, this protocol MUST have a specification that meets the
> > requirements of [RFC3979], [RFC4879] and [RFC5378].
>
> Assuming that the user is going to open up incoming sessions for an
> application, it's more convenient to be able to do that on the host
> rather than on the CPE. Then again I wouldn't want random visitors to
> be able to mess up my network.
>
> I guess middle ground would be that such a protocol would either need
> to be enabled explicitly, or would need some kind of authentication
> token, maybe a la bluetooth pairing.
>
>
> Scanned by Check Point Total Security Gateway.