Re: I-D.ietf-v6ops-cpe-simple-security-09

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 21 March 2010 17:33 UTC

Message-ID: <4BA6575D.7070300@gmail.com>
Date: Mon, 22 Mar 2010 06:29:01 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Gert Doering <gert@space.net>
CC: Mark Townsley <townsley@cisco.com>, james woodyatt <jhw@apple.com>, IPv6 Operations <v6ops@ops.ietf.org>
Subject: Re: I-D.ietf-v6ops-cpe-simple-security-09
References: <D6F5ACD2-EB43-477E-9F48-AC3EDB3F7EB4@apple.com> <4BA3BBCF.2090903@cisco.com> <4BA3D1B3.4010501@gmail.com> <4BA3DAAA.10000@cisco.com> <4BA40DD1.7080306@gmail.com> <6C168711-6A34-4487-9911-92766513183C@apple.com> <4BA522E8.7050504@cisco.com> <4BA56626.20606@gmail.com> <20100321133831.GL69383@Space.Net>
In-Reply-To: <20100321133831.GL69383@Space.Net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Sender: owner-v6ops@ops.ietf.org
Precedence: bulk
List-ID: <v6ops.ops.ietf.org>

On 2010-03-22 02:38, Gert Doering wrote:
> Hi,
> 
> On Sun, Mar 21, 2010 at 01:19:50PM +1300, Brian E Carpenter wrote:
>> Indeed. But ISPs that supply CPE to their customers are going to
>> assume that their customers are running unpatched insecure operating
>> systems at high risk of catching malware. So I think they are just as
>> likely as enterprise IT departments to favour default deny approaches.
> 
> We're not.
> 
> We provide *Internet* services.  Not "walled garden" services.
> 
> If the customer wants firewall protection, we're happy to sell it to them,
> but the default package they get is "Internet".  Packets transported from
> A to B and vice versa, and we're not making their packets unhappy unless they
> tell us so.

I applaud that and it's what I want from my ISP. My comment is that
I don't see this as a universal approach.

So, I'm wondering what's really wrong with:

  REC-41  Gateways MUST provide an easily selected configuration option
      that permits operation in a mode that forwards all unsolicited
      flows regardless of forwarding direction.

 - Brian