Re: [v6ops] Default IPv6 Local Only Addressing for Non-Internet Devices (Fwd: New Version Notification for draft-smith-v6ops-local-only-addressing-00.txt)

Ted Lemon <mellon@fugue.com> Tue, 15 October 2019 15:13 UTC

Cc: Gert Doering <gert@space.net>, v6ops list <v6ops@ietf.org>
To: Dmytro Shytyi <ietf.dmytro@shytyi.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/DtfLq0rIZZzOAR2aEvP3FVydBqM>

On Oct 15, 2019, at 11:02 AM, Dmytro Shytyi <ietf.dmytro@shytyi.net> wrote:
> From the point when device is connected to the internet it becomes a Node that could be reached outside by external users.
> The firmware of such devices is updated not that frequently. It could be dangerous.

True.

> From the point I put my device in DMZ in few moments I see in the log the "Access denied via ssh for user root".

Yes, we all see these sorts of things.

> Thus, I think, it is an important thing the authors of the draft highlight.

The problem is that this is not really a good way to solve the problem, and I’d be surprised if anyone implemented it. If you and/or the authors want to work on this problem, I think that would be worthwhile, but I think you need to think about a different solution. That’s why I suggested that you look at the work that is being done with MUD (e.g., RFC 8520).