On 11/13/14, 3:15 PM, Ted Lemon wrote:
> On Nov 13, 2014, at 12:12 PM, Michael Thomas <m...@mtcc.com> wrote:
>> That said, I really do wonder -- given how trivial it is with v6 to get a GUA
>> -- how easy it is to keep things within, say, the home that we don't want to
>> accidentally leak out onto the internet from doing so[*]. My guess: hard.
>
> Unfortunately, I think that we don't have a ready answer for this. Even if
> you have a firewall that emulates the behavior of a NAT in terms of preventing
> unsolicited incoming connections, any device on the network can in principle
> connect off network. The only way to prevent this is to have specific
> policies per device, which pretty much requires a UI. So e.g. if your printer
> is programmed to check the vendor's site for updates, you would have to
> explicitly block it from doing so if you wanted it to be invisible to
> off-network surveillance.

Quite so. Which is why we need to be vigilant that we aren't creating IP
Maginot Lines.

Mike
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet