Michael Kloberdans <[email protected]> wrote:
> All home routers should know their role; CER or IR. The status of CER

80% of the innovation of the Homenet working group is really to find a way to avoid having to *tell* the routers this role. Yes, they wind up deriving it, and I agree that it's useful for the routers to emit their conclusion in the form of CER-ID.

> The status of CER places the burden of providing the firewall and NAPT as
> it was determined to be the edge router. The interior routers need to
> understand their role and disable their firewall and NAPT abilities. This
> is why the CER-ID is a numeric value (indicating CER status) or a double
> colon (indicating IR status).

I think that your document needs a 2-3 page explanation of reasons why a router should believe the CER-ID it says. It's a very clear attack vector on a home router if you can get it to turn off its firewall.

I don't think your security considerations is adequate; you likely did not understand Markus' reference to the "evil bit", which is a Steve Bellovin April 1 "RFC": rfc3514.txt.

--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
