On 02/19/2014 02:17 AM, Cb B wrote:
> 
> Why would you look to a middle box to add privacy or any feature at
> all?

Yep, sloppy terminology, sorry. -- I meant confidentiality, and I was
referring to e.g. the VPN requirements in the current version of the
document.

*And*, I wasn't really arguing in favor. Just posing the question.


> AFAIK, "firewalls" are in a unique position to be a single point of
> failure for confidentiality, availability, and integrity.
> 
> data point -
> https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633
>
>  Is there an IPv4 document that is similar in nature at the IETF?

No. Firewalls have been mostly ignored in the IETF series.


> Or is spec'ing firewalls a novel thing that for some reason is only
> relevant to IPv6?

I wouldn't call it novel. And it's certainly also relevant for IPv4,
too. We probably left the IPv4 stuff out on the reasoning that it's
probably rather late for that.

The goal of specifying the requirements for v6 is because we have heard
from many operators that whenever they want to purchase an IPv6
firewall, they have to come up with the requirements themselves, and
then what they get from vendors is usually "not that nice" (so to speak
:-) ).

Please see e.g. the IPv6 firewalls talk(s) from the ipv6hackers meeting
in Berlin 2013 (http://www.ipv6hackers.org).

P.S.: Bottom-line: I posted this request for feedback for folks to make
their point, not to necessarily agree with what's currently in the I-D! ;-)

Thanks!

Cheers,
-- 
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1



_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec
