Roger Jorgensen wrote: > On Tue, 20 Sep 2005, Joe Touch wrote: > >>Danny Mayer wrote: >> >>>Brian E Carpenter wrote: >>> >>>>Jari Arkko wrote: >>>>... >>>> >>>>>o Whether we actually want to define a secure approach to >>>>>proxies. Here I'd personally be OK even with no security >>>>>for proxying, as long as the above issues were corrected. >>>>>But you could also argue the other way; the IETF usually >>>>>does require mandatory-to-implement security mechanisms >>>>>to go with its protocols. >>>> >>>>I'd be a bit concerned if I could, for example, walk into >>>>my neighbour's apartment, hop to his wireless LAN, and >>>>find myself getting proxy ND from a third neighbour I'd >>>>never met, without some sort of AAA process. But for >>>>an Experimental draft we can't really insist on a solution - >>>>for me the question is whether the warnings are sufficient. >>> >>>You don't even need to leave your apartment to do that. It's scary how >>>insecure people's wireless LAN setups are. >> >>Your 'insecure' is some people's 'plug and play' for their visitors. >> >>While I don't always agree with it, it's not clear it's not an equally >>desirable outcome. > > > I'm not 100% in the loop on this topic But, IF it's optional to have no > security, that's okay, but default should always be security. > that is, not possible to walk into someones appartment like described > above without the owner have himself configured it like that.
If the default configuration is 'security required' then the default behavior is likely to be 'won't operate until completely configured'. It's a trade-off - and what's the expense? Joe
signature.asc
Description: OpenPGP digital signature
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
