My apologies for posting to the wrong list -- I didn't realize there was a second v6ops listserv for IETF-related discussion (I also subscribe to ipv6-...@lists.cluenet.de at ).
Looks like ietf-v6ops-cpe-simple-security more than covers my little paragraph, except the phrase "stateful firewall" is nowhere to be found. Frank -----Original Message----- From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On Behalf Of james woodyatt Sent: Friday, March 26, 2010 12:34 PM To: IETF IPv6 Mailing List Cc: IPv6 v6ops Subject: Re: draft-ietf-v6ops-ipv6-cpe-router-04 [added V6OPS list] On Mar 26, 2010, at 08:11, Ole Troan wrote: >> Yeah, I think that after the bloody simple-security debates of the past >> week, that many are amazed that anyone on this list was able to miss the >> carnage. Anyway, the current CPE router draft has the following security >> requirements in section 4.4: >> >> S-1: The IPv6 CE router SHOULD support >> [I-D.ietf-v6ops-cpe-simple-security]. >> >> S-2: The IPv6 CE router MUST support ingress filtering in accordance >> with [RFC2827](BCP 38) >> >> The simple-security draft referenced in S-1 describes exactly what >> you're asking for (IMO), only in much greater detail. So I think what >> you're asking for is already in the cpe-router draft, and it would be a >> good idea for you to look at the simple-security draft and provide >> comments to it, if you think there's something missing. > > indeed, apart from the fact that it does not/will not make any recommendation about default on or off. If the editors of I-D.ietf-v6ops-ipv6-cpe-router would like to host the debate over whether or not to make such a recommendation, then that would make me very, very happy. We could declare all such flames out of scope for the discussion to review I-D.ietf-v6ops-cpe-simple-security. I might even consider bribing you with chocolates and fruit baskets if that would help. -- james woodyatt <j...@apple.com> member of technical staff, communications engineering -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
