Re: [Netrqmts] IETF 105 Minutes

Toerless Eckert <tte@cs.fau.de> Wed, 31 July 2019 18:34 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: netrqmts@ietfa.amsl.com
Delivered-To: netrqmts@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EC1B1206F0 for <netrqmts@ietfa.amsl.com>; Wed, 31 Jul 2019 11:34:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.951
X-Spam-Level:
X-Spam-Status: No, score=-3.951 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RppoJIFJOccX for <netrqmts@ietfa.amsl.com>; Wed, 31 Jul 2019 11:34:01 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79F8E1206D2 for <netrqmts@ietf.org>; Wed, 31 Jul 2019 11:34:01 -0700 (PDT)
Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [131.188.34.52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 42012548002; Wed, 31 Jul 2019 20:33:55 +0200 (CEST)
Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id 32BDE440041; Wed, 31 Jul 2019 20:33:55 +0200 (CEST)
Date: Wed, 31 Jul 2019 20:33:55 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: netrqmts@ietf.org
Message-ID: <20190731183355.zyof72e5yjpcksoe@faui48f.informatik.uni-erlangen.de>
References: <DF3803B7-C05B-4A31-B873-73A86B1416CE@vigilsec.com> <19915.1564514403@localhost> <20190730202439.zl6gjvzasxofvej2@faui48f.informatik.uni-erlangen.de> <27837.1564524525@localhost> <67849904-0195-d913-f4f5-3ce068039b71@sandelman.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <67849904-0195-d913-f4f5-3ce068039b71@sandelman.ca>
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netrqmts/EdPXmP-SrXXmm85O_qkrgvriS0U>
Subject: Re: [Netrqmts] IETF 105 Minutes
X-BeenThere: netrqmts@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Meeting Network Requirements <netrqmts.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netrqmts>, <mailto:netrqmts-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netrqmts/>
List-Post: <mailto:netrqmts@ietf.org>
List-Help: <mailto:netrqmts-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netrqmts>, <mailto:netrqmts-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2019 18:34:11 -0000

Right. Kinda unavoidable in that case. But lets ignore IPv4.
The question really is whether we should going forward expect all
network connected devices to have a firewall themselves, and if so,
what, and if not, then what should the network in front of them do.
Thats at least the IETF stds. relevant conversion of my ask.

McAffee on this one:

https://www.amazon.com/Grillbot-Automatic-Cleaning-Carrying-Accessories/dp/B01HJCQ3D4/ref=asc_df_B01HJCQ3D4/?tag=hyprod-20&linkCode=df0&hvadid=167125192708&hvpos=1o4&hvnetw=g&hvrand=7572155483155878630&hvpone=&hvptwo=&hvqmt=&hvdev=c&hvdvcmdl=&hvlocint=&hvlocphy=9032151&hvtargid=pla-340511541004&psc=1

;-))

Someone should do a web-page/blog on "worst IoT ideas".

Cheers
    Toerless

On Wed, Jul 31, 2019 at 02:27:30PM -0400, Michael Richardson wrote:
> On 2019-07-30 6:08 p.m., Michael Richardson wrote:
> >      > all those users not working at the network level. I also think that
> >      > folks who want to test if their applications work well and invested
> >      > into ICE/STUN and other firewall traversal mechanisms (like RTCweb and
> >      > other app groups), would maybe like to have something more reflective
> >      > of relevant end-user access (with firewall).
> > 
> > A $22 home router fixes that problem.
> 
> Actually, I realized in the shower this morning, that the ietf-nat64 network
> provides all the "security" of a home router, in that TCP SYN packets leave,
> but can never enter.
> 
> 
> 
> -- 
> Netrqmts mailing list
> Netrqmts@ietf.org
> https://www.ietf.org/mailman/listinfo/netrqmts

-- 
---
tte@cs.fau.de