Re: [v6ops] Hmm. Interesting article...
Tim Chown <tjc@ecs.soton.ac.uk> Tue, 02 February 2016 18:32 UTC
Return-Path: <tjc@ecs.soton.ac.uk>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DBAD1B2EBC for <v6ops@ietfa.amsl.com>; Tue, 2 Feb 2016 10:32:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.222
X-Spam-Level:
X-Spam-Status: No, score=-1.222 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z6ZBBogIUkRg for <v6ops@ietfa.amsl.com>; Tue, 2 Feb 2016 10:32:03 -0800 (PST)
Received: from falcon.ecs.soton.ac.uk (falcon.ecs.soton.ac.uk [IPv6:2001:630:d0:f102::25e]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 743881B2ECD for <v6ops@ietf.org>; Tue, 2 Feb 2016 10:32:03 -0800 (PST)
Received: from falcon.ecs.soton.ac.uk (localhost [127.0.0.1]) by falcon.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id u12IVosv016881; Tue, 2 Feb 2016 18:31:50 GMT
X-DKIM: Sendmail DKIM Filter v2.8.2 falcon.ecs.soton.ac.uk u12IVosv016881
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=ecs.soton.ac.uk; s=201304; t=1454437911; bh=s507OKHpBft5DADWqi1W5UO52ns=; h=Mime-Version:Subject:From:In-Reply-To:Date:Cc:References:To; b=XxxPjg1NaMi9a2Jb8C7vipUjfKYhLdnklMgqFRG+Dzv2+qqhhCGn3Y9I6sAzYBxiD iN9dGbe6L47suIH27YMARqoFI3cbQdKnmTICBRjGEKRwdycKZ9pyG1N2n8yhclVuDx XqgVhkVkAj1Z8pQRYx3N7rX7LQUvPO5/0Iu8Uwvk=
Received: from gander.ecs.soton.ac.uk (gander.ecs.soton.ac.uk [2001:630:d0:f102::25d]) by falcon.ecs.soton.ac.uk (falcon.ecs.soton.ac.uk [2001:630:d0:f102::25e]) envelope-from <tjc@ecs.soton.ac.uk> with ESMTP (valid=N/A) id s11IVo2230811112iQ ret-id none; Tue, 02 Feb 2016 18:31:51 +0000
Received: from [192.168.0.10] (tchowndsl.claranet.co.uk [212.188.254.49]) (authenticated bits=0) by gander.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id u12IVjF0019607 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 2 Feb 2016 18:31:46 GMT
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: Tim Chown <tjc@ecs.soton.ac.uk>
In-Reply-To: <D2D633A9.D612D%Lee.Howard@twcable.com>
Date: Tue, 02 Feb 2016 18:31:45 +0000
Content-Transfer-Encoding: quoted-printable
Message-ID: <EMEW3|48c0728de4c77e844da42a157e2bc520s11IVo03tjc|ecs.soton.ac.uk|7A88E510-8A39-4765-A762-E855B9ACBDFF@ecs.soton.ac.uk>
References: <165F7549-2A4C-44C3-9FBA-3AF69DE50110@cisco.com> <CAHw9_iLDjyZ6CKUjcyqUBe3-_EJxDekG7a1cPVLpF_U9tVvUgQ@mail.gmail.com> <56AFD626.1000802@bogus.com> <FBABBC18-CFFA-46C9-A63C-B86FE2CFFC94@cisco.com> <6EB29183-FA9A-4B94-BD68-115DB190FE65@delong.com> <56B06129.7090301@si6networks.com> <657448B4-4F56-445A-8862-8E0EB8D1A8B2@delong.com> <56B0BE2B.5050408@si6networks.com> <D2D633A9.D612D%Lee.Howard@twcable.com> <7A88E510-8A39-4765-A762-E855B9ACBDFF@ecs.soton.ac.uk>
To: Howard Lee <lee.howard@twcable.com>
X-Mailer: Apple Mail (2.3112)
X-ECS-MailScanner: Found to be clean, Found to be clean
X-smtpf-Report: sid=s11IVo223081111200; tid=s11IVo2230811112iQ; client=relay,ipv6; mail=; rcpt=; nrcpt=4:0; fails=0
X-ECS-MailScanner-Information: Please contact the ISP for more information
X-ECS-MailScanner-ID: u12IVosv016881
X-ECS-MailScanner-From: tjc@ecs.soton.ac.uk
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/i8uDAYWggBUf-PAOFIvu_i82oUU>
Cc: Fernando Gont <fgont@si6networks.com>, "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Hmm. Interesting article...
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2016 18:32:05 -0000
> On 2 Feb 2016, at 15:24, Howard, Lee <lee.howard@twcable.com> wrote: > > > On 2/2/16, 9:33 AM, "v6ops on behalf of Fernando Gont" > <v6ops-bounces@ietf.org on behalf of fgont@si6networks.com> wrote: >> >> There's a reason for deploying network-based firewalls: >> <https://tools.ietf.org/html/draft-gont-opsawg-firewalls-analysis-01> >> > > There is an unaddressed tension here. > I think one view is that IPv6 should be deployed without firewalls so all > hosts are reachable from arbitrary other hosts on the Internet. > I think the other view is that all/most/many hosts should be protected by > a stateful firewall. > > I don¹t know that we can resolve this tension in v6ops, but I want to make > it explicit. Well, we’ve seen a few firewall models put forward in v6ops. RFC 6092 seems to have been generally well received. It may well be the only one that made it to RFC status? e.g. draft-ietf-v6ops-balanced-ipv6-security-01 stopped at that version. Tim
- [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Warren Kumari
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... joel jaeggli
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Ted Lemon
- Re: [v6ops] Hmm. Interesting article... joel jaeggli
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Ray Hunter (v6ops)
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Ray Hunter (v6ops)
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Enno Rey
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Howard, Lee
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Tim Chown
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Enno Rey
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... 🔓Dan Wing
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... Tom Herbert
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Nick Hilliard
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Tim Chown
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Fernando Gont