> Yeah, I think that after the bloody simple-security debates of the past > week, that many are amazed that anyone on this list was able to miss the > carnage. Anyway, the current CPE router draft has the following security > requirements in section 4.4: > > S-1: The IPv6 CE router SHOULD support > [I-D.ietf-v6ops-cpe-simple-security]. > > S-2: The IPv6 CE router MUST support ingress filtering in accordance > with [RFC2827](BCP 38) > > The simple-security draft referenced in S-1 describes exactly what > you're asking for (IMO), only in much greater detail. So I think what > you're asking for is already in the cpe-router draft, and it would be a > good idea for you to look at the simple-security draft and provide > comments to it, if you think there's something missing.
indeed, apart from the fact that it does not/will not make any recommendation about default on or off. cheers, Ole -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
