Hi Mark,

My security reflexes tell me that authenticated is better than un-, and I agree that the protocol MUST support such a mode. But in practice, this protocol will be used by applications, which most likely will store the auth credentials somewhere. Malware can subvert the applications and/or get directly at the credentials. At which point I'm not sure this is so secure any more.

Thanks,
Yaron

> -----Original Message-----
> From: Mark Baugher [mailto:mbaugher@cisco.com]
> Sent: Wednesday, August 05, 2009 0:55
> To: Yaron Sheffer
> Cc: Mark Smith; Rémi Denis-Courmont; Brian E Carpenter; james woodyatt; IPv6 Operations
> Subject: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
>
> On Aug 4, 2009, at 2:39 PM, Yaron Sheffer wrote:
>
> > And I'll second Remi's opinion, a firewall that can be manipulated by
> > malware is better than no firewall at all.
>
> If we're going to design firewall control for IPv6, whether it be
> something new like ALD or an obvious extension to what's done for
> IPv4, I think it should default to authenticated firewall control. In
> other words, I would not start with standardizing an unauthenticated
> firewall control mechanism and assume that others will figure out how
> to add access controls. Letting malware use UPnP NAT traversal or
> NAT-PMP as done today is a pretty low standard for a CPE interface that
> IMHO we should not accept going forward. We'd like the CPE to refuse
> commands from malware.
>
> Mark