[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: R41 in draft-ietf-v6ops-cpe-simple-security-07

To: james woodyatt <jhw@apple.com>
Subject: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
From: Mark Baugher <mbaugher@cisco.com>
Date: Wed, 29 Jul 2009 05:57:19 -0700
Cc: IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <35FFC80F-07B3-4CE3-BF7A-453D6A64641B@apple.com>
References: <20090727184501.933F83A6CE4@core3.amsl.com> <029CBD08-5A79-44C2-8490-E63AF783E3B7@muada.com> <7F9A6D26EB51614FBF9F81C0DA4CFEC80133E557C9BA@il-ex01.ad.checkpoint.com> <200907282136.55466.remi@remlab.net> <35FFC80F-07B3-4CE3-BF7A-453D6A64641B@apple.com>


On Jul 29, 2009, at 1:22 AM, james woodyatt wrote:

On Jul 28, 2009, at 20:36, Rémi Denis-Courmont wrote:
That said, not to put the full blame of UPnP. Manual HTTPconfigurationinterfaces with default passwords are also prone to abuse -regardless ofUPnP. And really, I don't see any credible alternatives for vendorsto use.
I very much doubt that we need to worry overly much that UPnP IGDwill ever have a protocol specification that complies with RFC 3979,RFC 4879 and RFC 5378.

Therefore, the purpose of R41 can easily be inferred as being acircumlocution to say: don't use UPnP IGD. Vendors may choose toignore recommendation R41 and deploy UPnP IGD anyway, but we won'tbe complicit if they do.

When I first read R41 months ago, I did not read it as a requirementintended to be an IGD killer. The motivation for R41 should be basedon reasons that are independent of IGD or any corporate interests;they should have to do with what technology is needed and why the IETFshould provide it. Also, the motivation for removing R41 should notbe based on whether it will help or hurt the chances of getting thedocument published. If the group can clearly articulate why thistechnology is needed and why the IETF is the organization to provideit, then I'd say we have an obligation to bring it to the IESG. I'msorry I missed the meeting and wonder if some positive motivation hasbeen given for R41 rather than problems with other protocols, IGD andIPsec, or issues with the IPR policies of another SDO.


Mark

As long as the current treatment of IPsec AH, ESP and IKE remains inthe draft as is, I have no objection as an individual contributor toremoving recommendation R41. It was originally inserted when thedraft had a much more restrictive treatment of IPsec AH, ESP and IKEthat would have rendered IPsec transport mode basically useless formost applications aimed at communicating with hosts in residentialnetworks. I even wrote draft-woodyatt-ald as a proposal for meetingrecommendation R41 with a new protocol. Once the treatment of IPsecand IKE changed in the IPv6 CPE Simple Security draft, I shelved allmy work on ALD.
--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

Follow-Ups:
- Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: james woodyatt <jhw@apple.com>

References:
- I-D Action:draft-ietf-v6ops-cpe-simple-security-07.txt
  - From: Internet-Drafts@ietf.org
- Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: Yaron Sheffer <yaronf@checkpoint.com>
- Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: "Rémi Denis-Courmont" <remi@remlab.net>
- Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: james woodyatt <jhw@apple.com>

Prev by Date: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
Next by Date: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
Previous by thread: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
Next by thread: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
Index(es):
- Date
- Thread