On 11 Mar 2012, at 05:28, Cameron Byrne wrote:

> On Mar 10, 2012 5:05 PM, "Tim Chown" <[email protected]> wrote:
> >
> > a) An assumption of "Simple Security" with default deny on the CER.
> > This implies PCP or uPnP to support punching holes. The text
> > also talks about addressability vs reachability.
>
> I still disagree with this premise that we must default deny and have a mess
> of inadequate and complex signalling to compensate. Can someone articulate
> a threat model that requires this default deny and state tracking? Or must
> we put the cart before the horse without facts presented (maybe I missed that
> detailed presentation of threats)? Because win2k required a network based
> firewall, we must always cripple e2e?
>
> Or, can homenet simply say home devices must be independently secure, may
> have host based firewalls, or they must be placed in a properly screened
> subnet of fundamentally flawed devices that require network security controls
> and multi device port coordination?
>
The -02 that is coming soon still has "simple security" as a default position, but also states a requirement for support of RFC 6092's transparent mode. That should be something a residential user can enable simply, if they choose to do so.

Tim
