On Mon, Nov 15, 2010 at 11:41 AM, Hadriel Kaplan <hkap...@acmepacket.com> wrote:

> Absolutely. And it should work in environments with IPv6 NATs, and in
> environments with IPv6 firewalls, and in environments with IPv6 consumer
> gateways which block inbound packets until an outbound packet opens a
> pinhole. All of those fundamentally require the same sort of NAT traversal
> as for IPv4. None of us have a crystal ball to tell us how IPv6 will end up
> being deployed.

That is a good point. Regardless of whether I have NAT for IPv6, I will most certainly operate with inbound connections disabled by default. That has saved me against all manner of network worms.

One of the features of Stuxnet was that it attacked certain network attached printers. I have at least two printers that are more than ten years old and I could not justify paying the $3500 they would cost to replace new. Neither is supported by the vendor so patches do not exist.

We really need to have the platform vendors provide an infrastructure to support authenticated port management so that ports are opened for specific, permissioned applications and not end up with hosts being thrown into DMZ by default.

> Having said all that, I'm curious what makes the IESG believe they have the
> authority to impose any such future vision/goal on WG proposed standards. I
> don't believe RFC 3710, 2026 nor 2418 gives the IESG such discretion. I
> could be misreading those RFCs, but I believe the criteria the IESG should
> be using are in RFC 2026 sections 4.1.1 and 6.1.2, and they're fairly
> limited.

That should be the function of the IAB. But ever since the infamous Kobe disaster it has not performed that function and neither has anyone else.

--
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf