
Re: HOMENET working group proposal

2011-06-29 21:19:32
Hi, Jari,

My high level comment/question is: the proposed charter seems to stress
that IPv6 is the driver behind this potential wg effort... however, I
think that this deserves more discussion -- it's not clear to me why/how
typical IPv6 home networks would be much different from their IPv4
counterparts.

Below you'll find some comments/questions about the proposed charter.
They are not an argument against or in favour of the creation of the
aforementioned wg, but rather comments and/or requests for clarification...

On 06/29/2011 05:47 AM, Jari Arkko wrote:
[....]
> o Service providers are deploying IPv6, and support for IPv6 is
> increasingly available in home gateway devices. While IPv6 resembles
> IPv4 in many ways, it changes address allocation principles and allows
> direct IP addressability and routing to devices in the home from the
> Internet. This is a promising area in IPv6 that has proved challenging
> in IPv4 with the proliferation of NAT.

NAT devices involve two related but different issues:
* address translation
* an implicit "allow only return traffic" firewall-like functionality

One would hope/expect that the former will be gone with IPv6. However, I
don't think the latter will. As a result, even when you could "address"
nodes that belong to the "home network", you probably won't be able to
get your packets to them, unless those nodes initiated the communication
instance.

For instance (and off the top of my head), this functionality is even
proposed in the "simple security" requirements that had been produced by
v6ops.


> o End-to-end communication is both an opportunity and a concern as it
> enables new applications but also exposes nodes in the internal
> networks to receipt of unwanted traffic from the Internet. Firewalls
> that restrict incoming connections may be used to prevent exposure,
> however, this reduces the efficacy of end-to-end connectivity that
> IPv6 has the potential to restore.

I personally consider this property of "end-to-end connectivity" as
"gone" -- among other reasons, because it would require a change of
mindset. I'm more of the idea that people will replicate the
architecture of their IPv4 networks with IPv6, in which end-systems are
not reachable from the public Internet.

Thanks!
-- 
Fernando Gont
e-mail: fernando(_at_)gont(_dot_)com(_dot_)ar || fgont(_at_)acm(_dot_)org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1


