On 2007-03-02 17:09, Hallam-Baker, Phillip wrote:
From: Brian E Carpenter [mailto:brc(_at_)zurich(_dot_)ibm(_dot_)com]
This is of course one of the major motivations for
draft-ietf-v6ops-nap-06.txt, which is now in the RFC Editor's
queue. While it doesn't tell SOHO gateway vendors exactly
what to do, it does I think make it clear that there is a
secure mass market IPv6 way forward that has no need for NAT.
This is exactly the type of implict statement that I was concerned about.
I am a practical person.
I try to be one of those too, but analysis precedes synthesis.
The governing principle becomes Default-Deny.
That is completely compatible with the above draft.
The fixup required to make NAT work is neither complex nor onerous.
But irrelevant - the problems that NAT causes, and that having suffcient
address space (a.k.a. IPv6) solves, are orthogonal to security. That is
the whole point in this thread.
Brian
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf