Hi, Gunter, Thanks so much for your feedback! Please find my coments inline...
On 02/24/2014 08:03 AM, Gunter Van de Velde (gvandeve) wrote: > > Firewall technology is implemented based upon usage case and may be > very differently for each implementation (centralized, distributed, > L3-only, L4-only, L3-L4, Session, Services, Applications, etc...)... > loads of interpretations on what is the most secure and scalable > method for each usage-case. Base on the feedback so far, it seems there's agreement to narrow down what we mean by firewall. So far the idea is to work on "L3-and-up Enterprise IPv6 firewall". > If a Firewall document would exist, then I believe it must document > both IPv4 and IPv6 technology. Me, I have no issues with documenting IPv4 technology. Although some folks have argued "forget about IPv4". I'll ask this question in a separate thread to get more input. > You should document all usage cases > and agreement on the security risks imposed, together with a balanced > view on how to address those risks. This seems to be out-of-scope. i.e., our document is on capabilities as opposed to discussing security architectures (i.e., this document is not meant to answer "centralized or distributed?", "what's the most secure architecture", etc.). Thoughts? Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
