Re: [homenet] draft-chown-homenet-arch-00.txt
> We would like to get plenty of review and comment.

Rather than dealing with individual edits, I'd rather start with a general philosophy question. I understand that the IETF thinks NATs are evil, but I also think there shouldn't be so much emphasis on "homenets are not NAT" in an architecture document. Can we sideline the entire discussion over NATs? They're going to be there no matter what.

My second concern is that while I understand the end-to-end principle, I also know that it's not realistic in many situations --and the home is one place where it's probably not. I know, I know, this is all heresy, but hear me out for a second before you hit reply and tell me how stupid I am being.

This one line illustrates the entire concept in a nutshell:

    Security perimeters can of course restrict the end-to-end communications, but it is easier to block certain nodes from communicating than it is to re-enable nodes to communicate if they have been hidden behind address translation devices.

Is this really true? When I want to secure a physical space, I block off all access, then put in carefully thought out access control points. I don't pile all my goods in the middle of the street, and then actively monitor every person who walks by, hiring more people to do the monitoring as needed.

And I would point out that the problem is even worse in the network world --it's a large risk to come into my house and try to rob me, because of the physical danger involved. There is physical risk for the person breaking and entering, in other words. Breaking into my network has no risk whatsoever, and the gain could be huge --larger than stealing what I have in my living room. Instead of stealing my television, they could steal my identity --and all at no physical risk, with trivial effort (you don't have to actually go to my house, etc.). So my posture on the network side is actually stronger, and more suspicious, than it is on the physical side.

I think we should be a little more realistic about network security. We'd all like to live in a world where there are no identity thieves, and there are no viruses, and there is no-one trying to harm you, or invade your privacy. But that's just not real. And I know I'm about to get all sorts of stories about how someone has had their computer connected to the internet for x number of years, no NAT, no firewall, and they've never caught anything, nor had anyone steal anything. Maybe you just need to lead a more interesting life if that's the case. And I'm happy for you, but when I actually administered a large network, I had virus incidents constantly --and I know I face it all the time in customer networks.

So, IMHO:

1. Stop the screed against NAT.
2. Set out positive requirements, rather than negative ones.
3. Be realistic about security --the default should be _nothing_ reaches into my home, and I should have an easily manageable way to allow what I want to allow. The default should not be an open door to anyone from anyplace at any time, and then we'll put in advanced monitoring to block activity.

Just my 2c. :-)

Russ

___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] draft-chown-homenet-arch-00.txt
Hi,

On 12 October 2011 00:50, Russ White ru...@riw.us wrote:

> > We would like to get plenty of review and comment.
>
> Rather than dealing with individual edits, I'd rather start with a general philosophy question. I understand that the IETF thinks NATs are evil, but I also think there shouldn't be so much emphasis on "homenets are not NAT" in an architecture document. Can we sideline the entire discussion over NATs? They're going to be there no matter what.
>
> My second concern is that while I understand the end-to-end principle, I also know that it's not realistic in many situations --and the home is one place where it's probably not. I know, I know, this is all heresy, but hear me out for a second before you hit reply and tell me how stupid I am being.
>
> This one line illustrates the entire concept in a nutshell:
>
>     Security perimeters can of course restrict the end-to-end communications, but it is easier to block certain nodes from communicating than it is to re-enable nodes to communicate if they have been hidden behind address translation devices.

I think you are quoting from the Transparent End-to-End Communications section on pages 14/15, which is to do with communications _within_ the home network.

> Is this really true? When I want to secure a physical space, I block off all access, then put in carefully thought out access control points. I don't pile all my goods in the middle of the street, and then actively monitor every person who walks by, hiring more people to do the monitoring as needed.

...

Generally speaking, I want open access within my home network, but may add specific rules to stop e.g. guest wi-fi getting to certain servers. I don't want layers of NAT within my home network, which is what you can get if you plug the WAN port of an IPv4 network device into the LAN port of another device.

> So, IMHO:
>
> 1. Stop the screed against NAT.
> 2. Set out positive requirements, rather than negative ones.
> 3. Be realistic about security --the default should be _nothing_ reaches into my home, and I should have an easily manageable way to allow what I want to allow. The default should not be an open door to anyone from anyplace at any time, and then we'll put in advanced monitoring to block activity.

See the Security, Borders, and the elimination of NAT section on page 5.

---
[RFC6092] provides recommendations for an IPv6 firewall that applies limitations on end-to-end transparency where security considerations are deemed important to promote local and Internet security. The firewall operation is simple in that there is an assumption that traffic which is to be blocked by default is defined in the RFC and not expected to be updated by the user or otherwise. The RFC also discusses an option for CPEs to have an option to be put into a transparent mode of operation.

It is important to distinguish between addressability and reachability; i.e. IPv6 through use of globally unique addressing in the home makes all devices potentially reachable from anywhere. Whether they are or not should depend on firewall or filtering behaviour, and not the presence or use of NAT.
...
---

Does this address your concerns?

John
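To make the addressability-versus-reachability point in John's quoted draft text concrete, here is an added illustration, written for this thread and not taken from the draft, RFC 6092 or the list: a toy model of the RFC 6092 simple-security posture in which every home host has a global address, unsolicited inbound packets are dropped by default, replies to home-initiated flows and user-opened pinholes pass, and a transparent mode switches filtering off. The home prefix, addresses and the never-expiring flow table are constructed simplifications.

```python
# Added example, not from the draft or the thread: a minimal model of the
# RFC 6092 "simple security" CPE posture. Hosts are addressable (global
# address) whether or not they are reachable; the filter, not NAT, decides.
from ipaddress import IPv6Network, ip_address

HOME = IPv6Network("2001:db8:4242::/64")   # constructed documentation-range prefix


class SimpleSecurityCpe:
    """Stateful IPv6 CPE filter: outbound allowed, inbound default-deny."""

    def __init__(self, transparent=False):
        self.transparent = transparent   # RFC 6092 'transparent mode' toggle
        self.pinholes = set()            # (dst, proto, dport) the user opened
        self.flows = set()               # reply tuples of home-initiated flows
        # Simplification: a real CPE expires flow state; this model never does.

    def allow_inbound(self, dst, proto, dport):
        """The 'easily manageable' way to allow what the user wants in."""
        self.pinholes.add((ip_address(dst), proto, dport))

    def filter(self, src, dst, proto, sport, dport):
        """Return 'accept' or 'drop' for one packet crossing the CPE."""
        src, dst = ip_address(src), ip_address(dst)
        if src in HOME and dst in HOME:
            return "accept"              # open access within the home
        if src in HOME:
            # Outbound: remember the reply tuple so return traffic is admitted.
            self.flows.add((dst, src, proto, dport, sport))
            return "accept"
        if dst in HOME:
            if self.transparent:
                return "accept"          # user chose end-to-end transparency
            if (src, dst, proto, sport, dport) in self.flows:
                return "accept"          # reply to a flow the home initiated
            if (dst, proto, dport) in self.pinholes:
                return "accept"          # explicitly opened by the user
            return "drop"                # default: nothing reaches into the home
        return "drop"                    # neither end is ours; not forwarded


def addressable(addr):
    """Addressability: the host carries an address under the home prefix."""
    return ip_address(addr) in HOME


def reachable(cpe, dst, proto, dport, probe_src="2001:db8:ffff::1", sport=40000):
    """Reachability: would an unsolicited packet from outside get through?"""
    return cpe.filter(probe_src, dst, proto, sport, dport) == "accept"
```

With the default settings a host is addressable but not reachable; a pinhole or transparent mode changes reachability without touching addressing.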