>>>>> "Cameron" == Cameron Byrne <[email protected]> writes:
    >> It's good to see some traction in service discovery and naming.
    >> 
    >> We also have a fifth area, security.  The text as it stands says
    >> a few things that apply to this area, e.g.
    >> 
    >> a) An assumption of "Simple Security" with default deny on the
    >> CER.  This implies PCP or UPnP to support punching holes.  The
    >> text also talks about addressability vs reachability.
    >> 

    Cameron> I still disagree with this premise that we must default
    Cameron> deny and have a mess of inadequate and complex signalling
    Cameron> to compensate. Can someone articulate a threat model that
    Cameron> requires this default deny and state tracking? Or must we
    Cameron> put the cart before the horse without facts presented

+1

I think that the question as to whether or not "Simple Security"
defaults to on is a separate question from whether or not "Simple
Security" MUST be available to be turned on.

    Cameron> Or, can homenet simply say home devices must be
    Cameron> independently secure, may have host based firewalls, or
    Cameron> they must be placed in a properly screened subnet of
    Cameron> fundamentally flawed devices that require network security
    Cameron> controls and multi device port coordination?

so, if such a subnet is to exist (and it could be virtual thanks to
things like NEA), then Simple Security still needs to be implemented.

In my mind, to get around the "NAT is security, e2e is bad" CROWD, which
is ALL OVER THE PLACE out there (not here at the IETF, where we are much
more clueful. I'm talking about people with phony letters after their titles
who have never heard of the IETF), we need to have an answer, and that
answer must be very clearly labelled, such that it can be turned off by
people who want it.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 

