On 29 Oct 2012, at 10:20, [email protected] wrote:

>> From: Michael Richardson <[email protected]>
>>     fujiwara> I submitted draft-fujiwara-smallest-homenet-01
>>     fujiwara> http://www.ietf.org/internet-drafts/draft-fujiwara-smallest-homenet-01.txt
>>
>>     fujiwara> Although access control for home servers is very important,
>>     fujiwara> management and setup of access controls are difficult for
>>     fujiwara> most users. "Connecting a new node to the same link" is the
>>     fujiwara> easiest way of access control. One solution is to use
>>     fujiwara> link-local addresses for communications of clients and servers.
>>
>>     fujiwara> Is it in the scope of the homenet WG?
>>     fujiwara> Does anyone have interest in the idea?
>>
>> It seems to me like it's already an accepted part of the homenet arch.
>> There will be ULAs and GUAs, and ULAs will be preferred for local
>> communication.
>
> Thanks.
>
> What I would like to say is that
> - Access control in homenet servers is important.
> - There are no/few experts in many homenets.
> - Easy configuration is required for homenet servers.
>   # For example, link-based access control.
>
> My idea is that by using link-local addresses positively, the
> communication in a link and the communication to the Internet can be
> separated, and a design becomes easy. (We don't need new protocols.)
>
> After submitting this draft, I considered a new idea: to set the default
> ACL to the same net (/64) as the servers.

There is some text in the homenet architecture draft that says similar things, but on the basis of using ULAs rather than link-locals.

The other aspect from the homenet draft is the realm and border aspect. The homenet should be able to discover borders, both internal and external, between realms and apply appropriate policy between those realms. The assumption is that a subnet is the smallest realm. The latest version added a note that it is desirable that hosts/nodes can determine the realm they are in.

Tim
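
Added example, not part of the original messages or of the draft: a sketch of the "default ACL = the server's own /64" idea from the thread, extended to also accept link-local sources. The function names, the policy details and the sample addresses are assumptions made for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local addresses


def _parse(text):
    """Parse an IPv6 address, dropping any zone id such as '%eth0'."""
    return ipaddress.IPv6Address(text.split("%", 1)[0])


def classify(client):
    """Coarse scope of a peer's source address."""
    addr = _parse(client)
    if addr.ipv4_mapped is not None:
        return "ipv4-mapped"
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    return "ula" if addr in ULA else "global"


def default_acl_allows(client, server_addrs):
    """Hypothetical default policy: accept only peers on the server's own link.

    Allowed: link-local sources, or sources inside the /64 of any ULA or GUA
    configured on the server. Everything else is refused, including ULAs
    from another subnet of the same home.
    """
    scope = classify(client)
    if scope == "link-local":
        return True
    if scope not in ("ula", "global"):
        return False
    addr = _parse(client)
    for configured in server_addrs:
        net = ipaddress.IPv6Interface(f"{_parse(configured)}/64").network
        if not net.is_link_local and addr in net:
            return True
    return False


# Constructed sample: one GUA (documentation prefix), one ULA, one link-local.
SERVER_ADDRS = ["2001:db8:1:2::10", "fd12:3456:789a:1::10", "fe80::10%eth0"]

if __name__ == "__main__":
    for peer in ["fe80::abcd%eth0", "2001:db8:1:2::99", "fd12:3456:789a:1::5",
                 "fd12:3456:789a:2::5", "2001:db8:ffff::1", "::ffff:192.0.2.1"]:
        print(f"{peer:24} {classify(peer):12} allow={default_acl_allows(peer, SERVER_ADDRS)}")
```

Routers do not forward packets with link-local source addresses, so that branch is enforced by the network itself; the /64 match on a GUA or ULA is only as strong as the border router's filtering of inbound packets that claim an internal source prefix.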
