Re: [v6ops] Fwd: I-D Action:draft-ietf-v6ops-cpe-simple-security-15.txt
Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org> Thu, 14 October 2010 10:19 UTC
Date: Thu, 14 Oct 2010 20:51:09 +1030
From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
To: Fred Baker <fred@cisco.com>
Cc: IPv6 Operations <v6ops@ietf.org>, IESG IESG <iesg@ietf.org>

Hi Fred,

I'm really quite concerned about this new text,

   REC-13: By DEFAULT, Internet gateways SHOULD, automatically download
   and install software updates for extending IPv6 simple security for
   support of future standard upper layer transports and extension
   headers.

in particular the automatic install, as I don't think the consequences of automatically updating the firmware "behind the customer's back" have been fully considered.

If there are any failures with this mechanism at all, the customer will most likely be calling the ISP, not the product vendor, despite the vendor being in control of and responsible for when this new firmware is deployed. It will appear to the customer that the ISP's service has failed. As an update is likely to be pushed out to many CPE at once, that could result in floods of 100s, 1000s etc. of unexpected calls to the ISP's helpdesk moments after the update occurs. It could also mean that updates occur in the middle of when the ISP's services are most used due to differing time zones between when the vendor pushes new firmware out versus when customers are most commonly using the Internet services. In this scenario the ISP should be in control of when these updates are made available.

Following the model used by vendors of desktop OSes these days, it would be better if when updates were pushed out, the customer was alerted to an update being available, and the customer had to somehow manually trigger the update, to avoid disrupting services.

I think it'd probably be better to make only a passing comment about keeping the firmware up to date, avoiding it being a specific SHOULD recommendation, without details, in this document. The Broadband Forum, with mechanisms such as TR-69, seem to be more thoroughly considering these issues.

Regards,
Mark.

On Tue, 12 Oct 2010 11:36:09 -0700 Fred Baker <fred@cisco.com> wrote:

> This is a quick consensus check. The CPE Simple Security document is about to complete IESG review, and has gone through four revisions in the process of IETF Last Call and IESG review. I'd like the working group to quickly ratify (or not) the changes that have been made and the current text.
>
> ftp://ftpeng.cisco.com/fred/v6ops/draft-ietf-v6ops-cpe-simple-security-11-15.html
> http://www.ietf.org/internet-drafts/draft-ietf-v6ops-cpe-simple-security-15.txt
> http://datatracker.ietf.org/doc/draft-ietf-v6ops-cpe-simple-security
>
> If you have any comments, please make them by the weekend. Silence will be presumed to be consent.
>
> Begin forwarded message:
>
> > From: Internet-Drafts@ietf.org
> > Date: October 12, 2010 11:00:01 AM PDT
> > To: i-d-announce@ietf.org
> > Cc: v6ops@ietf.org
> > Subject: [v6ops] I-D Action:draft-ietf-v6ops-cpe-simple-security-15.txt
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the IPv6 Operations Working Group of the IETF.
> >
> >
> > Title     : Recommended Simple Security Capabilities in Customer Premises Equipment for Providing Residential IPv6 Internet Service
> > Author(s) : J. Woodyatt
> > Filename  : draft-ietf-v6ops-cpe-simple-security-15.txt
> > Pages     : 35
> > Date      : 2010-10-12
> >
> > This document identifies a set of recommendations for the makers of
> > devices describing how to provide for "simple security" capabilities
> > at the perimeter of local-area IPv6 networks in Internet-enabled
> > homes and small offices.
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-ietf-v6ops-cpe-simple-security-15.txt
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > Below is the data which will enable a MIME compliant mail reader
> > implementation to automatically retrieve the ASCII version of the
> > Internet-Draft.