On Mar 10, 2012, at 5:04 PM, Tim Chown wrote:

> It's good to see some traction in service discovery and naming.
>
> We also have a fifth area, security. The text as it stands says a few
> things that apply to this area, e.g.
>
> a) An assumption of "Simple Security" with default deny on the CER.
>    This implies PCP or uPnP to support punching holes. The text
>    also talks about addressability vs reachability.
> d) Mention of "Advanced Security", which talks about the ability to
>    install 3rd party policies. Some have suggested removing this
>    from the initial homenet spec.

One of these days I'll figure out what is "advanced" about "advanced security". I think the point of interest is that it can be expected to not be maintained (how many people maintain their norton-or-whatever-firewall contracts?) and will therefore allow a lot of stuff through.

I will be doing a talk in opsawg trying to make the firewall story a little less "I don't like this and I do like that", more about what a firewall does and doesn't do and what models one might consider - at least three of them. If there is interest in homenet, I could comment on that discussion.

http://tools.ietf.org/html/draft-baker-opsawg-firewalls
  "On Firewalls in Internet Security", Fred Baker, 20-Jan-12

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet