I don't understand this discussion of port 80. I thought the discussion was purely of home (or at most, SOHO) networks. The draft does not open a pinhole for incoming port 80/443 traffic, and for good reason. You want a Web server at home, fine, you need to configure your router - either manually or using some IGD-like magic protocol.

Thanks,
Yaron

> -----Original Message-----
> From: Iljitsch van Beijnum [mailto:iljitsch@muada.com]
> Sent: Wednesday, July 29, 2009 10:58
> To: Tim Chown
> Cc: Mohacsi Janos; Yaron Sheffer; james woodyatt; IPv6 Operations
> Subject: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
>
> On 29 jul 2009, at 10:50, Tim Chown wrote:
>
> > In a campus/managed network we default block port 80 outbound from
> > web servers for this reason... we wouldn't want the option for the
> > host/server to undo this.
> >
> > A SOHO environment may - or may not - be different.
>
> How would it make sense for a home gateway / CPE to refuse incoming
> connections to port 80 even though the person who is paying for that
> box wants those connections to happen?
>
> (And consider that that person may very well possess a screwdriver.)
>
> > Another example might be the classic port 25 smtp outbound filtering.
>
> This type of filtering happens in the ISP network, not the home
> gateway / CPE.