On Tue, Feb 18, 2014 at 9:09 PM, Fernando Gont <[email protected]> wrote: > Folks, > > As noted in my previous email, this is a request to discuss the first > item listed in my previous email: > > 1) Agree on a rationale to write this spec. > > For example, one possible rationale is "aim at providing parity of > features with IPv4". Another one could be that "should should aim a > little higher". For example, in the light of > draft-farrell-perpass-attack we may aim at requiring some privacy > features that might not be that common in IPv4 firewalls. > > > Thoughts? >
Why would you look to a middle box to add privacy or any feature at all? AFAIK, "firewalls" are in a unique position to be a single point of failure for confidentiality , availability , and integrit. data point - https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633 Is there an IPv4 document that is similar in nature at the IETF? Or is spec'ing firewalls a novel thing that for some reason is only relevant to IPv6 CB > Yours, > -- > Fernando Gont > e-mail: [email protected] || [email protected] > PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 > > > > _______________________________________________ > OPSEC mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/opsec _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
