RE: draft-macaulay-6man-packet-stain-00 High Level Questions

"Dan Wing" <dwing@cisco.com> Fri, 17 February 2012 01:53 UTC

From: Dan Wing <dwing@cisco.com>
To: "'Martin, Steve'" <s.martin1@lancaster.ac.uk>, ipv6@ietf.org
References: <C03F3430284E23419D3BD41E5827FE11891559@EX-1-MB0.lancs.local>
In-Reply-To: <C03F3430284E23419D3BD41E5827FE11891559@EX-1-MB0.lancs.local>
Subject: RE: draft-macaulay-6man-packet-stain-00 High Level Questions
Date: Thu, 16 Feb 2012 17:52:54 -0800
Message-ID: <049801cced16$ddc8f5a0$995ae0e0$@com>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>

> -----Original Message-----
> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of
> Martin, Steve
> Sent: Thursday, February 16, 2012 1:23 PM
> To: ipv6@ietf.org
> Subject: draft-macaulay-6man-packet-stain-00 High Level Questions
> 
> Hi Tyson,
> I've just read your IETF paper on Packet Staining, a very interesting
> idea and relevant to an area of research that I'm looking at.
> 
> Something that I've been considering is how might IPv6 impact
> individuals, i.e. home users who typically have limited internet
> security.  Under IPv4 NAT has provided an "accidental" firewall that
> has been very beneficial to such subscribers. As the migration to IPv6
> takes hold, it strikes me that specific firewalls will become mandatory
> (and critical that they are kept up to date), but those subscribers
> won't perceive any benefit from such devices (at least not until it is
> too late) and will simply connect devices directly to the internet with
> insufficient protection.

RFC6092, "Recommended Simple Security Capabilities in Customer Premises
Equipment (CPE) for Providing Residential IPv6 Internet Service", recommends
that equipment filter by default.  And I know both Apple and Linksys ship
with IPv6 filters by default.  I expect other vendors (e.g., D-Link) have
IPv6 filters by default, too.  The proverbial "Grandma" does not want her
IPv6 NAS or IPv6 television accessed by someone on the Internet by default.
Grandma should have to do something on the NAS or the television to enable
that remote access if she wanted it.

-d

> So, and this is where your paper is relevant, I have been pondering how
> IPv6 can be deployed to these subscribers with the added benefit of the
> "built-in" security that they have been used to with the likes of NAT.
> 
> Am I right in understanding that your packet staining could provide
> service provision that might include any number of the following:
> 
> *	Spam Assessment
> *	Parental Controls
> *	Malware Detection
> *	Forged Certificates
> *	etc
> 
> Some of the above would require deep packet inspection, at least as far
> as protocol, and in some cases of the actual data.  Is this within
> scope of what you envisage ?
> 
> It strikes me that your Packet Staining concept could enable the
> provision of services that meet the needs of these subscribers in a
> manner that will enable them to "configure and forget", much like they
> already experience with Anti-Virus products (which regularly download
> updates), except that they would get the benefit of a more intelligent
> process that has more timely updates and the potential for filtering at
> the perimeter or the endpoint.
> 
> Finally, it is not clear to me whether there is any impact if IPsec is
> involved, which would prevent such a level of packet inspection.
> 
> Many thanks for your contribution and thoughts.
> 
> Regards
> Steve Martin
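As an added example (not part of the thread, and not the configuration of any vendor named in it), the following script emits an nftables ruleset for a Linux-based IPv6 CPE in the default posture Dan's reply attributes to RFC 6092: stateful filtering, anything the LAN initiates allowed out, unsolicited inbound traffic dropped, the ICMPv6 messages RFC 4890 says must not be dropped let through, IPsec (AH, ESP, IKE) passed rather than inspected, which is the behaviour Steve's IPsec question runs into, and per-host pinholes that exist only because the user explicitly opted in. The interface names wan0 and br-lan, the table name cpe6 and the address 2001:db8:1::10 are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the thread or any vendor firmware: nftables rules for
# a Linux-based IPv6 CPE in the RFC 6092 "simple security" default posture.
# Assumed (hypothetical) names: wan0 = ISP uplink, br-lan = home LAN bridge.
WAN="${WAN:-wan0}"
LAN="${LAN:-br-lan}"

# One opt-in pinhole: traffic to a named LAN host/port is allowed only because
# the user explicitly asked for it (the "do something on the NAS" step).
pinhole_rule() {
    # $1 = LAN host address, $2 = tcp|udp, $3 = destination port
    printf '        ip6 daddr %s %s dport %s accept comment "user pinhole"\n' "$1" "$2" "$3"
}

# Print the complete ruleset on stdout. Each argument is a pinhole written as
# addr/proto/port, e.g. 2001:db8:1::10/tcp/22 (the address is an assumption).
gen_ruleset() {
    cat <<EOF
flush ruleset
table inet cpe6 {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        iifname "$LAN" accept
        # ICMPv6 the router itself needs: errors, ping, NDP, MLD (RFC 4890)
        meta l4proto ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, mld-listener-query } accept
        # DHCPv6 replies from the ISP arrive unsolicited on the WAN interface
        iifname "$WAN" udp sport 547 udp dport 546 accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # RFC 6092 default: anything the LAN initiates towards the WAN is allowed
        iifname "$LAN" oifname "$WAN" accept
        # Error and connectivity-check messages must not be dropped (RFC 4890)
        meta l4proto ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request } accept
        # RFC 6092: do not block IPsec by default; pass AH/ESP and IKE untouched
        meta l4proto { esp, ah } accept
        udp dport 500 accept
        # Everything else inbound is dropped unless the user opened a pinhole:
EOF
    for p in "$@"; do
        addr=${p%%/*}
        rest=${p#*/}
        pinhole_rule "$addr" "${rest%%/*}" "${rest#*/}"
    done
    cat <<EOF
    }
}
EOF
}

# Stand-alone use: print the ruleset, then syntax-check or load it with nft, e.g.
#   sh cpe6.sh 2001:db8:1::10/tcp/22 > /tmp/cpe6.nft && nft -c -f /tmp/cpe6.nft
gen_ruleset "$@"
```

Because the `forward` chain's policy is `drop`, a pinhole is the only way an Internet host reaches a LAN device, which is exactly the opt-in step the reply asks for; removing the pinhole argument returns the device to unreachable without touching the rest of the ruleset. The IPsec rules show why a staining or inspection service at the CPE sees nothing inside an ESP tunnel: the packets are forwarded, not decoded.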