On 2014-04-18 14:00, William Herrin wrote:
> On Fri, Apr 18, 2014 at 1:40 PM, Simon Perreault <si...@per.reau.lt> wrote:
>> On 2014-04-18 13:35, William Herrin wrote:
>>> Your document specifies "Enterprise" firewalls. Frankly I think that's
>>> wise. Consumer and enterprise users have very different needs and very
>>> different cost points.
>>
>> Over here we have no use for IPv6 NAT. We have our own PI space. I
>> suspect many other enterprises would be in a similar situation.
>>
>> I totally get your position, but I don't see how it can justify an
>> Internet-wide requirement.
>
> As I understand your document, you're trying to scope a set of minimum
> required features for a firewall that will be able to describe itself
> as "RFC whatever compliant." The idea is for folks working for large
> enterprises to be able to use such a tag as a discriminator for
> potential purchases. Since a pretty humongous number of them are using
> NAT with IPv4 and are likely to want to do so with IPv6, leaving that
> out of the required feature list seems counter-productive to your goal
> of a document which has utility to them.
>
> Besides, you have spam control and URL filtering in there. Do you
> seriously propose that spam control and URL filtering rank above NAT
> on the *firewall* requirements list?

Well, it's not *my* document, but I'm very interested in it.

IMHO it should not be a shopping list of features that people might want. The goal should not be to be a base for RFPs.

IMHO, what the IETF can do is recommend a set of behavioural traits that make IPv6 firewalls behave like good citizens in the Internet ecosystem. Meaning that a firewall that obeys those requirements will not break the Internet. For example, passing ICMPv6 Too Big messages is important to not break the Internet.

I think we can get consensus on such requirements, and I think it would fit the IETF's role. A feature shopping list, not so much.

Simon