Hi Fernando,

Firewall technology is implemented based upon usage case and may be very different for each implementation (centralized, distributed, L3-only, L4-only, L3-L4, Session, Services, Applications, etc.)... loads of interpretations on what is the most secure and scalable method for each usage-case.
If a Firewall document were to exist, then I believe it must document both IPv4 and IPv6 technology. You should document all usage cases and agreement on the security risks imposed, together with a balanced view on how to address those risks.

G/

-----Original Message-----
From: OPSEC [mailto:opsec-boun...@ietf.org] On Behalf Of Fernando Gont
Sent: 19 February 2014 06:09
To: 'opsec@ietf.org'
Subject: [OPSEC] IPv6 firewalls reqs: Rationale

Folks,

As noted in my previous email, this is a request to discuss the first item listed in my previous email:

1) Agree on a rationale to write this spec.

For example, one possible rationale is "aim at providing parity of features with IPv4". Another one could be that "should aim a little higher". For example, in the light of draft-farrell-perpass-attack we may aim at requiring some privacy features that might not be that common in IPv4 firewalls.

Thoughts?

Yours,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec