Re: I-D.ietf-v6ops-cpe-simple-security-09
Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 21 March 2010 00:21 UTC
Return-Path: <owner-v6ops@ops.ietf.org>
X-Original-To: ietfarch-v6ops-archive@core3.amsl.com
Delivered-To: ietfarch-v6ops-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 116E53A692F for <ietfarch-v6ops-archive@core3.amsl.com>; Sat, 20 Mar 2010 17:21:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.635
X-Spam-Level:
X-Spam-Status: No, score=0.635 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jQ6reK9WeNEw for <ietfarch-v6ops-archive@core3.amsl.com>; Sat, 20 Mar 2010 17:21:29 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 8093F3A6832 for <v6ops-archive@lists.ietf.org>; Sat, 20 Mar 2010 17:21:29 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.71 (FreeBSD)) (envelope-from <owner-v6ops@ops.ietf.org>) id 1Nt8tf-000Hdu-PB for v6ops-data0@psg.com; Sun, 21 Mar 2010 00:20:03 +0000
Received: from [209.85.210.184] (helo=mail-yx0-f184.google.com) by psg.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <brian.e.carpenter@gmail.com>) id 1Nt8tb-000HcA-86 for v6ops@ops.ietf.org; Sun, 21 Mar 2010 00:19:59 +0000
Received: by yxe14 with SMTP id 14so2108217yxe.5 for <v6ops@ops.ietf.org>; Sat, 20 Mar 2010 17:19:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :organization:user-agent:mime-version:to:cc:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=qbPIcD0JZ0N2qHUzVmRrcmWu5zazLMqNQatZuO3zZQk=; b=aJbEl+o8tc8hNlJm2XzvqfiuUw/jZkqetctOPwDcU27+gtTzGFuwcdDXLiP52jLBFq 9fyV1VecJAVBVBf3SllPw9SmBnWHrJQrXbcs1DhQRc2QbKeSAl1NsboJ6XMLADqoSzJ2 wGn5snj6l42XAronqcVD/+1U8nsxT5VfB/7BQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=nB3eHM+bliWzMaAo4Nrgt8AGsIjQ+/T8lQ/UZvG2IJZ9BVJCz+Mg8xOQYgGnmNED+t pZ91uCTi9xwso++drGIJ6oaLmw7FwAXqgW3khGasBnfCq95+PQy/kikvZQcjKYXmx7iX r5JATTIHY77kvQuD7cV3dVgN8avBP817kY9gY=
Received: by 10.101.155.13 with SMTP id h13mr4986501ano.14.1269130798581; Sat, 20 Mar 2010 17:19:58 -0700 (PDT)
Received: from [130.129.24.199] ([130.129.24.199]) by mx.google.com with ESMTPS id 20sm960783iwn.5.2010.03.20.17.19.57 (version=SSLv3 cipher=RC4-MD5); Sat, 20 Mar 2010 17:19:57 -0700 (PDT)
Message-ID: <4BA56626.20606@gmail.com>
Date: Sun, 21 Mar 2010 13:19:50 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Mark Townsley <townsley@cisco.com>
CC: james woodyatt <jhw@apple.com>, IPv6 Operations <v6ops@ops.ietf.org>
Subject: Re: I-D.ietf-v6ops-cpe-simple-security-09
References: <D6F5ACD2-EB43-477E-9F48-AC3EDB3F7EB4@apple.com> <4BA3BBCF.2090903@cisco.com> <4BA3D1B3.4010501@gmail.com> <4BA3DAAA.10000@cisco.com> <4BA40DD1.7080306@gmail.com> <6C168711-6A34-4487-9911-92766513183C@apple.com> <4BA522E8.7050504@cisco.com>
In-Reply-To: <4BA522E8.7050504@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Sender: owner-v6ops@ops.ietf.org
Precedence: bulk
List-ID: <v6ops.ops.ietf.org>
On 2010-03-21 08:32, Mark Townsley wrote: > > On 3/20/10 1:32 AM, james woodyatt wrote: >> On Mar 19, 2010, at 16:50, Brian E Carpenter wrote: >> >>> But I'm afraid that the simplicity of 'default deny' has long >>> ago won the hearts and minds of enterprise network managers. >>> >> Sadly, enterprise network managers aren't the only people whose >> legitimate interests are at stake in the matter under discussion. >> > This document is clearly scoped in the first sentence of the > Introduction to: > > "gateway devices that enable delivery of Internet services in > residential and small office settings." > > So, I'm not sure why we are even considering enterprise network managers > here. Fair enough, but... > > The networks themselves, the assets under protection, the types of > applications, are quite different > between and enterprise network and residential network. Indeed. But ISPs that supply CPE to their customers are going to assume that their customers are running unpatched insecure operating systems at high risk of catching malware. So I think they are just as likely as enterprise IT departments to favour default deny approaches. Brian > > - Mark >> >> -- >> james woodyatt<jhw@apple.com> >> member of technical staff, communications engineering >> >> >> >> >> > > >
- I-D.ietf-v6ops-cpe-simple-security-09 james woodyatt
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Baugher
- Re: I-D.ietf-v6ops-cpe-simple-security-09 james woodyatt
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Fred Baker
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Fred Baker
- Re: I-D.ietf-v6ops-cpe-simple-security-09 james woodyatt
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Baugher
- Re: I-D.ietf-v6ops-cpe-simple-security-09 james woodyatt
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Baugher
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Baugher
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Ole Troan
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Baugher
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Baugher
- RE: I-D.ietf-v6ops-cpe-simple-security-09 STARK, BARBARA H (ATTLABS)
- Re: I-D.ietf-v6ops-cpe-simple-security-09 james woodyatt
- Fwd: I-D.ietf-v6ops-cpe-simple-security-09 - ICMP… Rémi Després
- Re: I-D.ietf-v6ops-cpe-simple-security-09 - ICMP … james woodyatt
- Re: I-D.ietf-v6ops-cpe-simple-security-09 - ICMP … Rémi Després
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Brian E Carpenter
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Smith
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Brian E Carpenter
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 james woodyatt
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Brian E Carpenter
- Re: I-D.ietf-v6ops-cpe-simple-security-09 james woodyatt
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Fred Baker
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Fred Baker
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Fred Baker
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Shane Amante
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Smith
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Cameron Byrne
- Re: I-D.ietf-v6ops-cpe-simple-security-09 james woodyatt
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Smith
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Gert Doering
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Brian E Carpenter
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Smith
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 james woodyatt
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Brian E Carpenter
- Re: I-D.ietf-v6ops-cpe-simple-security-09 james woodyatt
- Status of RFC 4864 (was Re: I-D.ietf-v6ops-cpe-si… Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Smith
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Mark Townsley
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Ole Troan
- Re: I-D.ietf-v6ops-cpe-simple-security-09 Brian E Carpenter