The use of DHCPv6 is a constraint? It is just another option, which is also dynamic, in my opinion.
On 8/2/11 9:42 PM, "Samita Chakrabarti" <[email protected]> wrote: > >Please see below. > >-----Original Message----- >From: [email protected] [mailto:[email protected]] On >Behalf Of Shane Amante >> do is a tall order. I also think the is more than a desire to ease >> configuration burden, this is a must since most users on the Internet >> have very basic technical skills. > >So, I agree with this point, but are we constraining our thinking too >early? For example, if the assumption is there is a singular >CPE-router/FW that has been allocated a /56 from a provider, then: >- why couldn't the FW provide 'stateful firewall' service for the first >'covering' /60 of IPv6 prefixes (/64's) allocated within the house; >- but, the CPE-router/FW would /NOT/ provide stateful or stateless >firewall for the remaining 7/8's of address space allocated within the >house. > >Of course, just change the 'mask' lengths to represent whatever the WG >thinks are 'sensible' defaults. > >And, we'd need to decide if this is something a device in the home can >'dynamically' request from the CPE-router/FW via, say, DHCPv6 or if there >are better options ... > >-shane > > >SC> Agree. I would like to see more openness in the design of 'future >home network' where in the future we might need to do more >auto-configuration; the networks and devices might be such that they >would be more lightweight and suitable for address auto-configuration >than today's DCHP only home-network - though DHCP(v6) support would be >absolutely needed for backward compatibility. But constraining homenet >into DHCP-only network will limit the applicability of new type of >networks, topologies, devices and services etc. > >-Samita > > > > > > > > >>> >>> A different idea is that the firewall always work in a very minimal >>> mode by default (e.g. it passes no traffic, or maybe only outgoing >>> port 80 traffic, but its configuration interface is enabled for the >>> internal >>> ports) so that the user must configure it in order to get it to do >>> anything useful. That way, the first thing a user learns about his >>> router/firewall is how to configure it. Then you want to focus on >>> making the configuration interface easy to understand. (You also >>> have to figure out how to keep the user from hooking up the internal >>> port to the external connection.) >> [jjmb] I said something similar to this is in an earlier email. To >> the start there should perhaps be a basic configuration that protects >> the user and allows the service to be usable. >>> >>> But these are user interface issues, not protocol issues. Perhaps >>> they're better addressed in homenet than here. >> [jjmb] I could image some protocol work that could ease the pain here, >> UI for sure could facilitate ease of use. >>> >>> Keith >>> >>> _______________________________________________ >>> v6ops mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/v6ops >> >> _______________________________________________ >> v6ops mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/v6ops > >_______________________________________________ >homenet mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/homenet _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
