Re: [v6ops] Hmm. Interesting article...

Tim Chown <tjc@ecs.soton.ac.uk> Tue, 02 February 2016 18:32 UTC

To: Howard Lee <lee.howard@twcable.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/i8uDAYWggBUf-PAOFIvu_i82oUU>
Cc: Fernando Gont <fgont@si6networks.com>, "v6ops@ietf.org" <v6ops@ietf.org>

> On 2 Feb 2016, at 15:24, Howard, Lee <lee.howard@twcable.com> wrote:
> 
> 
> On 2/2/16, 9:33 AM, "v6ops on behalf of Fernando Gont"
> <v6ops-bounces@ietf.org on behalf of fgont@si6networks.com> wrote:
>> 
>> There's a reason for deploying network-based firewalls:
>> <https://tools.ietf.org/html/draft-gont-opsawg-firewalls-analysis-01>
>> 
> 
> There is an unaddressed tension here.
> I think one view is that IPv6 should be deployed without firewalls so all
> hosts are reachable from arbitrary other hosts on the Internet.
> I think the other view is that all/most/many hosts should be protected by
> a stateful firewall.
> 
> I don't know that we can resolve this tension in v6ops, but I want to make
> it explicit.

Well, we’ve seen a few firewall models put forward in v6ops. RFC 6092 seems
to have been generally well received. It may well be the only one that made it
to RFC status? e.g. draft-ietf-v6ops-balanced-ipv6-security-01 stopped at that 
version. 

Tim