Thank you Éric for making this change. If ISPs were to implement and enable RA-Guard in ISP-supplied home gateways, that would break both Apple HomeKit and the upcoming Project Connected Home over IP <https://www.connectedhomeip.com/>. It would be a pity to break residential IoT in the infancy of the IoT industry, and it would create a lot of support telephone calls for Apple, other residential IoT vendors, and ISPs.

Stuart Cheshire

On Feb 12, 2021, at 10:31 AM, Eric Vyncke (evyncke) <[email protected]> wrote:

> Ted,
>
> As you guessed in your email : we, the authors, do not want to prevent
> multi-homing ;-) E.g., we already have several ‘do not apply in all cases’
> for several mitigation techniques include the RA-guard one for obvious reason.
>
> Just to be clear, we have used your suggestion to modify the abstract and add
> an applicability statement in a -24 version (yet to be published). We would
> appreciate it if you reviewed the proposed change below.
>
> --- start of abstract ---
> Knowledge and experience on how to operate IPv4 securely is
> available: whether it is the Internet or an enterprise internal
> network. However, IPv6 presents some new security challenges. RFC
> 4942 describes the security issues in the protocol, but network
> managers also need a more practical, operations-minded document to
> enumerate advantages and/or disadvantages of certain choices.
>
> This document analyzes the operational security issues associated
> with several types of network and proposes technical and procedural
> mitigation techniques. This document is only applicable to managed
> networks, such as enterprise building networks. The recommendations
> in this document are not applicable to residential user cases, even
> in cases where a Service Provider may be managing the home gateway.
>
> --- end of abstract ---
>
> --- start of applicability statement (sub-section of introduction) ---
> 1.1. Applicability Statement
>
> This document is applicable to managed networks, i.e., when the
> network is operated by the user organization itself. Indeed, many of
> the recommended mitigation techniques must be configured with the
> detailed knowledge of the network (which are the default router,
> which are the switch trunk ports, etc.). This covers Service
> Provider (SP), enterprise networks and some knowledgeable-home-user-
> managed residential network. This applicability statement especially
> applies to Section 2.3 and Section 2.5.4.
>
> For example, an exception to the generic recommendations of this
> document is when a residential or enterprise network is multi-homed.
>
> --- end of applicability statement (sub-section of introduction) ---

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
