Re: draft-ietf-v6ops-ipv6-cpe-router-04

Fri, 26 Mar 2010 15:08:36 -0700 

On 3/26/10 6:33 PM, james woodyatt wrote:

[added V6OPS list]

On Mar 26, 2010, at 08:11, Ole Troan wrote:


Yeah, I think that after the bloody simple-security debates of the past
week, that many are amazed that anyone on this list was able to miss the
carnage. Anyway, the current CPE router draft has the following security
requirements in section 4.4:

  S-1:  The IPv6 CE router SHOULD support
        [I-D.ietf-v6ops-cpe-simple-security].

What does "support" mean?
I would like it to be very clear that "support" does not imply that it be set to "transparent" or "non-transparent" mode by default, just that the functionality exist and be available to be turned on or off. 

- Mark

  S-2:  The IPv6 CE router MUST support ingress filtering in accordance
        with [RFC2827](BCP 38)

The simple-security draft referenced in S-1 describes exactly what
you're asking for (IMO), only in much greater detail. So I think what
you're asking for is already in the cpe-router draft, and it would be a
good idea for you to look at the simple-security draft and provide
comments to it, if you think there's something missing.

indeed, apart from the fact that it does not/will not make any recommendation 
about default on or off.

If the editors of I-D.ietf-v6ops-ipv6-cpe-router would like to host the debate 
over whether or not to make such a recommendation, then that would make me 
very, very happy.  We could declare all such flames out of scope for the 
discussion to review I-D.ietf-v6ops-cpe-simple-security.  I might even consider 
bribing you with chocolates and fruit baskets if that would help.


--
james woodyatt<j...@apple.com>
member of technical staff, communications engineering


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------



--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Reply via email to