On Aug 7, 2011, at 9:16 AM, Pascal Thubert (pthubert) wrote:

> Looks obvious, but is it?
>
Yes.

> On one hand, we want the capability to reach anywhere we're allowed to from
> home. OTOH, if anything in my home is reachable from anywhere, we are back to
> the firewall paradigm.
>
Why? You are still back to all the security disadvantages of firewalls - soft chewy inside, etc. Reachability does not convey access authorization. Devices must either protect themselves directly or delegate that protection to a proxy of some sort (*not* necessarily a firewall).

> There is an alternate model based on L3 overlays that was presented in
> various places under names such as route projection, community of interest
> or on-demand VPNs.
>
> That model forms dynamic overlays that act as L3 VLANs. Prefixes are no more
> injected in the main infrastructure but only projected within the overlay.
> This allows the model to scale with good mobility properties since an overlay
> separates the locator and the identifier, which BTW can be of different
> Address Families.
>
Sounds pretty complicated - if it requires manual configuration it may be a non-starter.

> I wanted to ask for a BOF in Taipei to discuss that model. Would anyone be
> interested?
>
Not enough data here to judge.

> Pascal
>
>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of Roger Jørgensen
>> Sent: Sunday, August 07, 2011 2:58 PM
>> To: james woodyatt
>> Cc: [email protected]; Fernando Gont
>> Subject: Re: [homenet] [homegate] HOMENET working group proposal
>>
>> On Sun, Aug 7, 2011 at 3:18 AM, james woodyatt <[email protected]> wrote:
>> <snip>
>>> In the context of the HOMENET working group, one imagines that restoring
>>> general end-to-end reachability is arguably a worthy goal. <snip>
>>
>> +1 :-)
>>
>>
>>
>> --
>>
>> Roger Jorgensen           |
>> [email protected]       | - IPv6 is The Key!
>> http://www.jorgensen.no   | [email protected]
>> _______________________________________________
>> homenet mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/homenet
