Re: [v6ops] Hmm. Interesting article...

"Howard, Lee" <lee.howard@twcable.com> Tue, 02 February 2016 15:24 UTC

To: Fernando Gont <fgont@si6networks.com>, Owen DeLong <owen@delong.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/QthQ8PZY2M0VZNDRz_d_1kzy89A>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>


On 2/2/16, 9:33 AM, "v6ops on behalf of Fernando Gont"
<v6ops-bounces@ietf.org on behalf of fgont@si6networks.com> wrote:

>On 02/02/2016 10:20 AM, Owen DeLong wrote:
>>
>>> On Feb 1, 2016, at 23:56, Fernando Gont <fgont@si6networks.com> wrote:
>>>
>>> Maybe in that in IPv4 you typically have a NAT in front of your node,
>>> where in IPv6 you don't necessarily have a fw?
>>>
>>
>> If you're running a host without any sort of filter, that's really not
>> a problem we should be solving at the network level. That's more of an
>> educational problem.
>
>There's a reason for deploying network-based firewalls:
><https://tools.ietf.org/html/draft-gont-opsawg-firewalls-analysis-01>
>

There is an unaddressed tension here.
I think one view is that IPv6 should be deployed without firewalls so all
hosts are reachable from arbitrary other hosts on the Internet.
I think the other view is that all/most/many hosts should be protected by
a stateful firewall.

I don't know that we can resolve this tension in v6ops, but I want to make
it explicit.

Lee

