Re: [v6ops] draft-ietf-v6ops-mobile-device-profile last call- "harmfully broad"?
<mohamed.boucadair@orange.com> Thu, 12 February 2015 06:39 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9970C1A9077 for <v6ops@ietfa.amsl.com>; Wed, 11 Feb 2015 22:39:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TAAdEhn1z_YB for <v6ops@ietfa.amsl.com>; Wed, 11 Feb 2015 22:39:39 -0800 (PST)
Received: from relais-inet.francetelecom.com (relais-ias92.francetelecom.com [193.251.215.92]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A0B21A9074 for <v6ops@ietf.org>; Wed, 11 Feb 2015 22:39:39 -0800 (PST)
Received: from omfedm06.si.francetelecom.fr (unknown [xx.xx.xx.2]) by omfedm09.si.francetelecom.fr (ESMTP service) with ESMTP id 3DA962DC25F; Thu, 12 Feb 2015 07:39:37 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.30]) by omfedm06.si.francetelecom.fr (ESMTP service) with ESMTP id 19EE927C0AF; Thu, 12 Feb 2015 07:39:37 +0100 (CET)
Received: from OPEXCLILM23.corporate.adroot.infra.ftgroup ([169.254.2.231]) by OPEXCLILH02.corporate.adroot.infra.ftgroup ([10.114.31.30]) with mapi id 14.03.0224.002; Thu, 12 Feb 2015 07:39:37 +0100
From: mohamed.boucadair@orange.com
To: James Woodyatt <jhw@nestlabs.com>
Thread-Topic: [v6ops] draft-ietf-v6ops-mobile-device-profile last call- "harmfully broad"?
Thread-Index: AQHQRiNlJyo/dj7ROEKfd3r0ZcS7TZzsjIhg
Date: Thu, 12 Feb 2015 06:39:36 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B933004909864@OPEXCLILM23.corporate.adroot.infra.ftgroup>
References: <787AE7BB302AE849A7480A190F8B9330049091C2@OPEXCLILM23.corporate.adroot.infra.ftgroup> <CADhXe52o=Vxux1+G8_EXgE_-a3Mest_LD6Hzzqu=hDp3H++Ttw@mail.gmail.com>
In-Reply-To: <CADhXe52o=Vxux1+G8_EXgE_-a3Mest_LD6Hzzqu=hDp3H++Ttw@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.1]
Content-Type: multipart/alternative; boundary="_000_787AE7BB302AE849A7480A190F8B933004909864OPEXCLILM23corp_"
MIME-Version: 1.0
X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2015.2.12.3031
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/vYtabvHk0_aqFECf3rh6JxGPfUU>
Cc: IPv6 Ops WG <v6ops@ietf.org>
Subject: Re: [v6ops] draft-ietf-v6ops-mobile-device-profile last call- "harmfully broad"?
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Feb 2015 06:39:42 -0000
Hi James, Thank you for raising this point as it helps to clarify a confusion. This document DOES NOT RECOMMENT RFC6092 for tethered hosts. I guess you are referring to this item: L_REC#2: The cellular CPE must be compliant with the requirements specified in [RFC7084<http://tools.ietf.org/html/rfc7084>]. There are several deployments, particularly in emerging countries, that relies on mobile networks to provide broadband services (e.g., customers are provided with mobile CPEs). Note, this profile does not require IPv4 service continuity techniques listed in [RFC7084<http://tools.ietf.org/html/rfc7084>] because those are specific to fixed networks. IPv4 service continuity techniques specific to the mobile networks are included in this profile. This is about cellular ** CPE ** not tethered devices (You may noticed that this item used explicitly “cellular CPE” while other items in this section uses “cellular device”). RFC7084 is required for this case to ensure a functional parity with fixed CPEs. BTW, the text you suggested about RFC6092 is in the draft: In the case of cellular devices that provide LAN features, compliance with L_REC#2 entails compliance with [RFC7084<http://tools.ietf.org/html/rfc7084>], which in turn recommends compliance with Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service [RFC6092<http://tools.ietf.org/html/rfc6092>]. Therefore, the security considerations in Section 6 of [RFC6092]<http://tools.ietf.org/html/rfc6092#section-6> are relevant. In particular, it bears repeating here that the true impact of stateful filtering may be a reduction in security, and that IETF make no statement, expressed or implied, as to whether using the capabilities described in any of these documents ultimately improves security for any individual users or for the Internet community as a whole. Are you suggesting that a mobile CPE should not have the same functionalities as the fixed one, and therefore RFC7084 should not be cited in this I-D? Or you are suggesting that RFC7084 is harmful? Thank you. Cheers, Med De : James Woodyatt [mailto:jhw@nestlabs.com] Envoyé : mercredi 11 février 2015 18:51 À : BOUCADAIR Mohamed IMT/OLN Cc : IPv6 Ops WG Objet : Re: [v6ops] draft-ietf-v6ops-mobile-device-profile last call- "harmfully broad"? On Wed, Feb 11, 2015 at 4:09 AM, <mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com>> wrote: Which items are not technically justified? Others may have other items that bug them, and additional items may spring to my mind later if I put my mind to it, but I see no technical justification to recommend a simple firewall by default for tethered hosts according to RFC 6092. I consider that recommendation to be actively harmful. -- james woodyatt <jhw@nestlabs.com<mailto:jhw@nestlabs.com>> Nest Labs, Communications Engineering
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… James Woodyatt
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Keith Moore
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… James Woodyatt
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Alexandru Petrescu
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… STARK, BARBARA H
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Heatley, Nick
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Ross Chandler
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Heatley, Nick
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Heatley, Nick
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Heatley, Nick
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Ca By
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… STARK, BARBARA H
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… david.binet
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Heatley, Nick
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Alexandru Petrescu
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Dave Michaud
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Dave Michaud
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Alexandru Petrescu
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti
- [v6ops] accountability vs responsibility [draft-i… Brian E Carpenter
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Alexandru Petrescu
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… mohamed.boucadair
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… joel jaeggli
- Re: [v6ops] draft-ietf-v6ops-mobile-device-profil… Lorenzo Colitti