> -----Original Message-----
> From: Curtis Villamizar [mailto:[email protected]]
> Sent: Friday, October 21, 2011 12:20 PM
> To: Howard, Lee
> Cc: james woodyatt; [email protected]; [email protected]
> Subject: Re: [homenet] Homenet Architecture & Interim Meeting
>
>
> In message <dcc302faa9fe5f4bba4dcad4656937791451334...@prvpexvs03.corp.twcable.com>
> "Howard, Lee" writes:
> >
> > > -----Original Message-----
> > > From: [email protected] [mailto:[email protected]] On Behalf Of james woodyatt
> > > Sent: Monday, October 10, 2011 11:07 PM
> > > To: [email protected]
> > > Cc: [email protected]
> > > Subject: Re: [homenet] Homenet Architecture & Interim Meeting
> > >
> > > On Oct 10, 2011, at 19:45 , Curtis Villamizar wrote:
> > > >
> > > > All of this is only true for IPv4 but not for IPv6.
> > >
> > > I wasn't talking about IPv4 at all. My comments are relevant in a world entirely comprising
> > > IPv6-only service providers. The IPv6 Internet will be saddled with all of the problems of
> > > the IPv4 Internet with respect to devices on homenets having to beg the gateways to allow
> > > inbound packets from arbitrary remote destinations. It has nothing to do with NAT, and
> > > everything to do with firewalls and stateful filters.
> >
> > s/beg/authorize
>
> That response seems to be confirming the problem.
>
> The customer should not need the ISP to authorize inbound traffic.
> Otherwise the service should not be called an "Internet" service. It
> is a service providing only limited Internet connectivity.

Perhaps I misunderstood the scenario. I would have the sentence read:
"Devices on homenets have to authorize gateways to allow inbound packets from arbitrary remote destinations."

Hosts can set their own security policy. If it's "send me everything," it can signal a firewall (using e.g. PCP) to allow everything. If it's "do not call," it can signal a firewall (using e.g. PCP) to deny anything not explicitly allowed.

I do not adhere to "default permit" as a security principle.

Lee

> Curtis

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
