Re: [fun] WG Review: Home Networks (homenet)

Keith Moore <moore@network-heretics.com> Tue, 05 July 2011 17:18 UTC

From: Keith Moore <moore@network-heretics.com>
Date: Tue, 05 Jul 2011 13:18:21 -0400
To: iesg@ietf.org
Cc: fun@ietf.org
Subject: Re: [fun] WG Review: Home Networks (homenet)
In-Reply-To: <20110705163528.66BAF22801D@ietfa.amsl.com>
Message-Id: <376F5BEA-61A0-46B4-A367-D69A74C28C96@network-heretics.com>
List-Id: "FUture home Networking \(FUN\)" <fun.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/fun>

> 
> The purpose of this working group is to focus on this evolution, in
> particular as it addresses the introduction of IPv6, by developing an
> architecture addressing this full scope of requirements:
> 
> o  prefix configuration for routers
> o  managing routing
> o  name resolution
> o  service discovery
> o  network security

It seems like host/device security, as distinguished from network security, should also be in this list.

Ease of configuration would appear to be paramount, and this touches on the interface between hosts/devices and the home network, particularly any perimeter-based security mechanisms.  I'm thinking that when someone gets a new device, they might need to "pair" it with their network (similar to Bluetooth devices) so that the perimeter security devices know to allow traffic for it (and what kinds of traffic to allow).  Similarly, hosts which have permission to access such devices from outside of the home network might also need to be "paired".

One of the questions that I have is: to what extent is it reasonable to expect that network-accessible devices made for use in homes (and hosts that talk to them) are different than network-accessible devices used in other environments (and the hosts that talk to them)?  Offhand I'm thinking that you want to be able to support ordinary hosts, devices, and applications on home networks, but it might take a bit more work to get their traffic through perimeter security.  Similarly, you want to be able to enable ordinary hosts to talk to things on the home network, but doing so might be more cumbersome than for hosts with the appropriate support built in.   There are multiple approaches for external access that could be considered: proxies, IPsec, tunnels, etc.  One thing that should be clear up front is that using IP addresses as authentication tokens is a bad idea, no matter how widespread the practice is.

I guess I think that there's a real need to develop a standard means to arrange for secure external access to internal devices that are granted permission for such access.

> The task of the group is to produce an architecture document that
> outlines how to construct home networks involving multiple routers and
> subnets. This document is expected to apply the IPv6 addressing
> architecture, prefix delegation, global and ULA addresses, source
> address selection rules and other existing components of the IPv6
> architecture.

I don't think it should be presumed that ULAs are applicable.  Perhaps, but not certainly.  ULAs should be limited to devices for which there is never any need to be accessed from outside the network, or to access external hosts, and offhand I can't think of a situation that makes it reasonable to impose this limitation on every device on a network segment.  If ULAs can be doled out to only those devices that do not have permission for external access, independent of network segment, that might be fine.

Keith
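As an added example for this archive page (it is not part of Keith Moore's message, nor code from the homenet working group), the following Python sketch contrasts the two perimeter policies the message puts side by side: one that treats the source IP address as the credential, and one where a device is "paired" with the perimeter and then proves possession of a per-device pairing secret with an HMAC on each request, so neither a device on the LAN nor a paired external host is ever identified by its address. The pairing channel, the message layout, the nonce-based replay check, the example addresses and the `open-garage` payload are all assumptions made for the demonstration.

```python
"""Added example: per-device pairing credential vs. source-IP allowlisting.

Illustrative code written for this archive page, not Keith Moore's code and
not anything produced by the homenet working group. The pairing protocol,
the request format and the IP-allowlist policy are assumptions.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets


def ip_allowlist_authorize(allowlist: set[str], src_ip: str) -> bool:
    """The widespread-but-weak policy: the source address *is* the credential."""
    return src_ip in allowlist


class PairedPerimeter:
    """Hypothetical perimeter device that only admits traffic from paired devices.

    Pairing (assumed to happen over a locally trusted channel, e.g. a button
    press on the gateway) hands the device a per-device secret. Every later
    request carries an HMAC over (device_id, nonce, payload) under that secret,
    so the source address never acts as an authentication token.
    """

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}      # device_id -> pairing secret
        self._seen_nonces: set[str] = set()    # replay protection

    def pair(self, device_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._keys[device_id] = key
        return key

    @staticmethod
    def _mac(key: bytes, device_id: str, nonce: str, payload: bytes) -> bytes:
        # Length-prefix each field so the concatenation is unambiguous.
        msg = b"".join(len(f).to_bytes(4, "big") + f
                       for f in (device_id.encode(), nonce.encode(), payload))
        return hmac.new(key, msg, hashlib.sha256).digest()

    def authorize(self, device_id: str, nonce: str, payload: bytes, tag: bytes) -> bool:
        key = self._keys.get(device_id)
        if key is None:
            return False                       # device was never paired
        if nonce in self._seen_nonces:
            return False                       # replayed request
        if not hmac.compare_digest(self._mac(key, device_id, nonce, payload), tag):
            return False                       # wrong key or tampered payload
        self._seen_nonces.add(nonce)
        return True


def sign_request(key: bytes, device_id: str, payload: bytes, nonce: str = ""):
    """What a paired device (or a paired external host) attaches to a request."""
    nonce = nonce or secrets.token_hex(16)
    return device_id, nonce, payload, PairedPerimeter._mac(key, device_id, nonce, payload)


def demo() -> dict[str, bool]:
    # Constructed scenario: the homeowner's phone was paired; an attacker later
    # sends traffic from the same source address (spoofed, or reassigned after
    # the phone left the network).
    phone_ip = "203.0.113.7"
    allowlist = {phone_ip}

    perimeter = PairedPerimeter()
    phone_key = perimeter.pair("phone")
    genuine = sign_request(phone_key, "phone", b"open-garage")
    forged = sign_request(secrets.token_bytes(32), "phone", b"open-garage")
    second = sign_request(phone_key, "phone", b"open-garage")
    tampered = (second[0], second[1], b"open-front-door", second[3])

    return {
        # Source-IP policy cannot tell the phone from an attacker using its address.
        "ip_policy_accepts_phone": ip_allowlist_authorize(allowlist, phone_ip),
        "ip_policy_accepts_attacker_same_ip": ip_allowlist_authorize(allowlist, phone_ip),
        # Pairing-based policy: accepted once, then rejected on replay/forgery/tamper.
        "paired_accepts_genuine": perimeter.authorize(*genuine),
        "paired_rejects_replay": not perimeter.authorize(*genuine),
        "paired_rejects_wrong_key": not perimeter.authorize(*forged),
        "paired_rejects_tampered": not perimeter.authorize(*tampered),
        "paired_rejects_unpaired_device": not perimeter.authorize(
            *sign_request(phone_key, "tv", b"open-garage")),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The point the two policies make together is the one the message draws: the allowlist accepts the attacker exactly as readily as the phone because the address is all it has, while the paired perimeter admits only a holder of the pairing secret and rejects replays and altered payloads. A real deployment would also need key revocation, a bounded nonce cache (or a timestamp window), and a way to express what kinds of traffic a paired device is permitted, none of which this sketch attempts.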