On Oct 21, 2011 10:11 AM, "Howard, Lee" <[email protected]> wrote:
>
> > -----Original Message-----
> > From: Curtis Villamizar [mailto:[email protected]]
> > Sent: Friday, October 21, 2011 12:20 PM
> > To: Howard, Lee
> > Cc: james woodyatt; [email protected]; [email protected]
> > Subject: Re: [homenet] Homenet Architecture & Interim Meeting
> >
> > In message
> > <dcc302faa9fe5f4bba4dcad4656937791451334...@prvpexvs03.corp.twcable.com>
> > "Howard, Lee" writes:
> > >
> > > > -----Original Message-----
> > > > From: [email protected] [mailto:[email protected]] On Behalf Of james woodyatt
> > > > Sent: Monday, October 10, 2011 11:07 PM
> > > > To: [email protected]
> > > > Cc: [email protected]
> > > > Subject: Re: [homenet] Homenet Architecture & Interim Meeting
> > > >
> > > > On Oct 10, 2011, at 19:45 , Curtis Villamizar wrote:
> > > > >
> > > > > All of this is only true for IPv4 but not for IPv6.
> > > >
> > > > I wasn't talking about IPv4 at all. My comments are relevant in a world entirely comprising
> > > > IPv6-only service providers. The IPv6 Internet will be saddled with all of the problems of
> > > > the IPv4 Internet with respect to devices on homenets having to beg the gateways to allow
> > > > inbound packets from arbitrary remote destinations. It has nothing to do with NAT, and
> > > > everything to do with firewalls and stateful filters.
> > >
> > > s/beg/authorize
> >
> > That response seems to be confirming the problem.
> >
> > The customer should not need the ISP to authorize inbound traffic.
> > Otherwise the service should not be called an "Internet" service. It
> > is a service providing only limited Internet connectivity.
>
> Perhaps I misunderstood the scenario.
> I would have the sentence read:
> "Devices on homenets have to authorize gateways to allow inbound packets
> from arbitrary remote destinations."
>
> Hosts can set their own security policy. If it's "send me everything," it
> can signal a firewall (using e.g. PCP) to allow everything. If it's "do not call,"
> it can signal a firewall (using e.g. PCP) to deny anything not explicitly
> allowed.
>
> I do not adhere to "default permit" as a security principle.
>

Then you also do not care for supporting the e2e principle, and I thought I heard people mumble e2e was a good thing at the start of homenet.

I am in the camp the host should be strong and smart and networks should be simple and fast.

Cb

> Lee
>
> > Curtis

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
