On Aug 4, 2009, at 15:03, Yaron Sheffer wrote:
From: Mark Baugher [mailto:mbaugher@cisco.com] (Sent: Wednesday, August 05, 2009 0:55)

On Aug 4, 2009, at 2:39 PM, Yaron Sheffer wrote:

And I'll second Remi's opinion, a firewall that can be manipulated by malware is better than no firewall at all.

If we're going to design firewall control for IPv6, whether it be something new like ALD or an obvious extension to what's done for IPv4, I think it should default to authenticated firewall control. [...]

My security reflexes tell me that authenticated is better than un-, and I agree that the protocol MUST support such a mode. But in practice, this protocol will be used by applications, which most likely will store the auth credentials somewhere. [...]

No. The most likely scenario is applications soliciting any-source inbound traffic will use techniques like RFC 5389 modulo NAT, and because there is no standard for choosing an exterior filtering regime, applications will then perform filter-state behavior tests and use rendezvous services when the exterior filtering regime isn't endpoint-independent. This will end up costing battery and network resources that would otherwise not be spent if there was a protocol like R41 recommends, but it will work, it will be simple and it won't require any authentication credentials that users may or may not possess, much less remember where they wrote them down.
The point of allowing passive listeners to solicit any-source incoming flows with something like ALD has *always* been to make more wasteful techniques like RFC 5389 modulo NAT completely unnecessary. Does this need to be spelled out more clearly in the draft?
-- james woodyatt <jhw@apple.com> member of technical staff, communications engineering