On 11 Mar 2012, at 05:28, Cameron Byrne wrote:
> On Mar 10, 2012 5:05 PM, "Tim Chown" <[email protected]> wrote:
> >
> > a) An assumption of "Simple Security" with default deny on the CER.
> >    This implies PCP or UPnP to support punching holes.  The text
> >    also talks about addressability vs reachability.
> 
> I still disagree with this premise that we must default deny and have a mess 
> of inadequate and complex signalling to compensate. Can someone articulate 
> a threat model that requires this default deny and state tracking? Or must 
> we put the cart before the horse without facts presented (maybe I missed that 
> detailed presentation of threats)? Because win2k required a network based 
> firewall, we must always cripple e2e?
> 
> Or, can homenet simply say home devices must be independently secure, may 
> have host based firewalls, or they must be placed in a properly screened 
> subnet of fundamentally flawed devices that require network security controls 
> and multi-device port coordination?
> 
> 

The -02 that is coming soon still has "simple security" as a default position, 
but also states a requirement for support of RFC 6092's transparent mode.  That 
should be something a residential user can enable simply, if they choose to do 
so.

Tim

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
