Re: I-D.ietf-v6ops-cpe-simple-security-09
Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org> Sun, 21 March 2010 19:08 UTC
Date: Mon, 22 Mar 2010 05:36:25 +1030
From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Gert Doering <gert@space.net>, Mark Townsley <townsley@cisco.com>, james woodyatt <jhw@apple.com>, IPv6 Operations <v6ops@ops.ietf.org>

On Mon, 22 Mar 2010 06:29:01 +1300
Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

> On 2010-03-22 02:38, Gert Doering wrote:
> > Hi,
> >
> > On Sun, Mar 21, 2010 at 01:19:50PM +1300, Brian E Carpenter wrote:
> >> Indeed. But ISPs that supply CPE to their customers are going to
> >> assume that their customers are running unpatched insecure operating
> >> systems at high risk of catching malware. So I think they are just as
> >> likely as enterprise IT departments to favour default deny approaches.
> >
> > We're not.
> >
> > We provide *Internet* services. Not "walled garden" services.
> >
> > If the customer wants firewall protection, we're happy to sell it to them,
> > but the default package they get is "Internet". Packets transported from
> > A to B and vice versa, and we're not making their packets unhappy unless they
> > tell us so.
>
> I applaud that and it's what I want from my ISP. My comment is that
> I don't see this as a universal approach.
>
> So, I'm wondering what's really wrong with:
>
> REC-41 Gateways MUST provide an easily selected configuration option
>        that permits operation in a mode that forwards all unsolicited
>        flows regardless of forwarding direction.
>

I don't see anything wrong with it. That's the "Vanilla Router" checkbox.
In some respects it is equivalent to bridge mode on ADSL routers today,
which allows end-hosts to terminate the PPPoE/PPP sessions, rather than
have the upstream ADSL router do it.

Regards,
Mark.