On 18 Jun 2013, at 02:08, Michael Thomas <[email protected]> wrote: > Yeah, I haven't actually tried listening on port 80 on my android when I > happen > to be on v6 and seeing if it's walled off. I was hoping that lazywebs would > help > me out here. *If* phones are not walled off now, I have no objection to this > section as > it's a stake in the ground that hosts can be their own firewalls. But I'd > like to have > some belief that that is true before we declare homenet firewalls obsolete.
The arch text doesn't declare edge firewalls obsolete. It talks about realms and borders, and the need to have appropriate filtering between realms, including the homenet and ISP. The case for border firewalls is reinforced by, for example, this paper: http://internetcensus2012.bitbucket.org/paper.html The text about the "value" of firewalls is merely noting that infections picked up by activity from within the homenet should not be overlooked (in part the driver for Eric Vyncke's advanced IPv6 security draft, which he has subsequently lapsed). Tim
_______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
