Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-security WGLC

Ted Lemon <Ted.Lemon@nominum.com> Wed, 13 November 2013 15:30 UTC

From: Ted Lemon <Ted.Lemon@nominum.com>
To: Tarko Tikan <tarko@lanparty.ee>
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>

On Nov 13, 2013, at 3:42 AM, Tarko Tikan <tarko@lanparty.ee> wrote:
> I'd prefer application to signal to edge routers and have firewall there, this way to-be-denied packets never make it to CPE and will not congest AN uplinks.

You could definitely do this with PCP, but do you really want to encourage the installation of firewalls in this part of the network? I suspect the law of unintended consequences is worth paying attention to here.