[added V6OPS list] On Mar 26, 2010, at 08:11, Ole Troan wrote:
>> Yeah, I think that after the bloody simple-security debates of the past >> week, that many are amazed that anyone on this list was able to miss the >> carnage. Anyway, the current CPE router draft has the following security >> requirements in section 4.4: >> >> S-1: The IPv6 CE router SHOULD support >> [I-D.ietf-v6ops-cpe-simple-security]. >> >> S-2: The IPv6 CE router MUST support ingress filtering in accordance >> with [RFC2827](BCP 38) >> >> The simple-security draft referenced in S-1 describes exactly what >> you're asking for (IMO), only in much greater detail. So I think what >> you're asking for is already in the cpe-router draft, and it would be a >> good idea for you to look at the simple-security draft and provide >> comments to it, if you think there's something missing. > > indeed, apart from the fact that it does not/will not make any recommendation > about default on or off. If the editors of I-D.ietf-v6ops-ipv6-cpe-router would like to host the debate over whether or not to make such a recommendation, then that would make me very, very happy. We could declare all such flames out of scope for the discussion to review I-D.ietf-v6ops-cpe-simple-security. I might even consider bribing you with chocolates and fruit baskets if that would help. -- james woodyatt <j...@apple.com> member of technical staff, communications engineering -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------