[OPSAWG] draft-baker-opsawg-firewalls-00.txt
Fred Baker <fred@cisco.com> Sat, 21 January 2012 01:27 UTC
Return-Path: <fred@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEA4B21F85DF for <opsawg@ietfa.amsl.com>; Fri, 20 Jan 2012 17:27:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.427
X-Spam-Level:
X-Spam-Status: No, score=-106.427 tagged_above=-999 required=5 tests=[AWL=0.172, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZTdAIe67gCkw for <opsawg@ietfa.amsl.com>; Fri, 20 Jan 2012 17:27:08 -0800 (PST)
Received: from mtv-iport-2.cisco.com (mtv-iport-2.cisco.com [173.36.130.13]) by ietfa.amsl.com (Postfix) with ESMTP id 4760621F852B for <opsawg@ietf.org>; Fri, 20 Jan 2012 17:27:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=fred@cisco.com; l=1957; q=dns/txt; s=iport; t=1327109228; x=1328318828; h=mime-version:subject:from:date:cc:message-id:references: to:content-transfer-encoding; bh=9dQFPEVlTGu06YFIcO56IbkmyH8oVXc4Tty2jpQebYI=; b=TFwTZaSReF35wH3qDzjVQPi0+hQyyqSvkRabWbnAR2xN+tHJMIJKXG2X WmOG1ukA6Vw20BCjZMiBkmW+bbEYpv2Cp5foo8+ATtV2zSrWGdVw47Aid 2CxFHZ3xk7HDA8Zy8ek8YVQS4aLLfGtZ8QvUHeB0pECwD/0W7cZzJI75e U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EAFsTGk+rRDoJ/2dsb2JhbABDrg2BBYFyAQEBAwESASc/BQscAwECL08IGSKHWgiaMQGeL4kKgjljBIg8jF2FVY0X
X-IronPort-AV: E=Sophos;i="4.71,546,1320624000"; d="scan'208";a="26468161"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by mtv-iport-2.cisco.com with ESMTP; 21 Jan 2012 01:27:06 +0000
Received: from stealth-10-32-244-218.cisco.com (stealth-10-32-244-218.cisco.com [10.32.244.218]) by mtv-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id q0L1R5t1007046; Sat, 21 Jan 2012 01:27:06 GMT
Received: from [127.0.0.1] by stealth-10-32-244-218.cisco.com (PGP Universal service); Fri, 20 Jan 2012 17:27:06 -0800
X-PGP-Universal: processed; by stealth-10-32-244-218.cisco.com on Fri, 20 Jan 2012 17:27:06 -0800
Mime-Version: 1.0 (Apple Message framework v1084)
From: Fred Baker <fred@cisco.com>
Date: Fri, 20 Jan 2012 17:26:34 -0800
Message-Id: <F704909F-1EEA-42D9-94BD-1E6141539DF8@cisco.com>
References: <20120121011325.3221.79641.idtracker@ietfa.amsl.com>
To: opsawg@ietf.org
X-Mailer: Apple Mail (2.1084)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Fri, 20 Jan 2012 17:33:30 -0800
Cc: draft-vyncke-advanced-ipv6-security@tools.ietf.org, homenet-chairs@tools.ietf.org, james woodyatt <jhw@apple.com>, Ron Bonica <ron@bonica.org>
Subject: [OPSAWG] draft-baker-opsawg-firewalls-00.txt
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsawg>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Jan 2012 01:27:09 -0000
> From: internet-drafts@ietf.org > Date: January 20, 2012 5:13:25 PM PST > To: fred@cisco.com > Cc: fred@cisco.com > Subject: New Version Notification for draft-baker-opsawg-firewalls-00.txt > > A new version of I-D, draft-baker-opsawg-firewalls-00.txt has been successfully submitted by Fred Baker and posted to the IETF repository. > > Filename: draft-baker-opsawg-firewalls > Revision: 00 > Title: On Firewalls in Internet Security > Creation date: 2012-01-21 > WG ID: Individual Submission > Number of pages: 12 > > Abstract: > There is an ongoing discussion regarding the place of firewalls in > security. This note is intended to capture and try to make sense out > of it. > > The IETF Secretariat Folks: When the IPv6 Operations WG was looking at firewalls for IPv6, the working group experienced a clash of worldviews. One world view said "I have a marketplace requirement to provide perimeter security - firewalls - or people won't deploy IPv6 in their residential networks", and the other said "we really don't want to have firewalls in the IPv6 network." The discussion has resurfaced in homenet. A little bedtime reading: https://tools.ietf.org/html/rfc6092 6092 Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service. J. Woodyatt, Ed.. January 2011. (Format: TXT=91729 bytes) (Status: INFORMATIONAL) http://tools.ietf.org/html/draft-vyncke-advanced-ipv6-security "Advanced Security for IPv6 CPE", Eric Vyncke, Andrew Yourtchenko, Mark Townsley, 31-Oct-11 I took some time to attempt to organize a line of reasoning, that would enable us to give hopefully-unbiased guidance on the topic, or at least have a low-blood-pressure discussion of it. That's this draft. I would appreciate your thoughts on it and on the topic it addresses.
- [OPSAWG] draft-baker-opsawg-firewalls-00.txt Fred Baker
- [OPSAWG] draft-baker-opsawg-firewalls-00.txt Fred Baker
- Re: [OPSAWG] draft-baker-opsawg-firewalls-00.txt Christopher LILJENSTOLPE