-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Gunter,
I fully concur with you here. $.02, - - ferg On 2/24/2014 3:03 AM, Gunter Van de Velde (gvandeve) wrote: > Hi Fernando, > > Firewall technology is implemented based upon usage case and may be > very differently for each implementation (centralized, distributed, > L3-only, L4-only, L3-L4, Session, Services, Applications, > etc...)... loads of interpretations on what is the most secure and > scalable method for each usage-case. > > If a Firewall document would exist, then I believe it must document > both IPv4 and IPv6 technology. You should document all usage cases > and agreement on the security risks imposed, together with a > balanced view on how to address those risks. > > G/ > > -----Original Message----- From: OPSEC > [mailto:opsec-boun...@ietf.org] On Behalf Of Fernando Gont Sent: 19 > February 2014 06:09 To: 'opsec@ietf.org' Subject: [OPSEC] IPv6 > firewalls reqs: Rationale > > Folks, > > As noted in my previous email, this is a request to discuss the > first item listed in my previous email: > > 1) Agree on a rationale to write this spec. > > For example, one possible rationale is "aim at providing parity of > features with IPv4". Another one could be that "should should aim a > little higher". For example, in the light of > draft-farrell-perpass-attack we may aim at requiring some privacy > features that might not be that common in IPv4 firewalls. > > > Thoughts? > > Yours, -- Fernando Gont e-mail: ferna...@gont.com.ar || > fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 > 3945 96EE A9EF D076 FFF1 > > - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlMLvUsACgkQKJasdVTchbKs9QEAuBdkLczR+2m7+zG9yKYnPxDT uVuS5w/O1mub2PpDyvgBAKi+Ml63g9/4IHsy9dtuPkeTioNqveMdE8vSoBBO8ZEK =T8Qp -----END PGP SIGNATURE----- _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec