Keith Moore wrote:
Perimeter security of some kind is probably appropriate.
Not just appropriate, it is an indispensible prerequisite.
That doesn't mean that it has to look like firewalls do today.
Not necessarily. But any sensible security requirements and
primarily the requirement of the smallest possible attack surface
amount to it. If it has to walk like a duck and quack like a duck,
just use a duck instead of trying to retrain a goat.
For one thing, users shouldn't have to muck with the details of
which ports to allow.
_Unless_ they want to make a service accessible to the internet
with software produced by folks or companys which prioritize
features and merchantability far over security, quality and robustness
-- which is to say 99.999% of the available software.
And the idea that every application server on a home network needs
to negotiate access through some application-specific external server
(as is generally the case with NATs today) is also ridiculous.
No, it is a simple technical problem that can be solved with a few
lines of extra code for those few applications where it acutally matters.
Just as democracy is the worst form of government except all the
others that have been tried (attributed to Winston Churchill).
Home networks should ALWAYS be NATed to the internet, so that it is
not possible to provide a simple policy switch to make everything on
the home network fully accessible from the internet, because any
such switch will inevitably be abused much more often by the bad,
poor novices and ignorant than sensibly employed by the needy and
security conscious.
Black-listing doesn't provide security, it always amounts to
obscurity and security theater.
Anything else than whitelisting is irresponsible security-wise.
And dynamic whitelisting (the motivation behind NAT-PMP) is even better.
Privacy is another issue. The current custom here in Germany is that
the external IP-Address on your home gateway is dynamically assigned,
it changes on every new assignment, i.e. when the DSL connection
is reestablished after a carrier loss or cable disconnect,
whenever you ask your DSL router for it, and at least once
every 24 hours.
While this does not provide perfect privacy protection, it is a
good start. For many internet usage scenarios, the use of a
longterm static IP-Address for home users would be completely
irresponsible with respect to data privacy, and would likely make
any logging of client IP-Addresses on servers unconditionally
illegal in European countries.
With respect to privacy, anything besides striclty voluntary,
well-informed opt-in and anytime easy opt-out again, is a non-starter.
No application, unless it absolutely, positively and unavoidably needs
to should use a fixed/static address without the affected folks
having provided conscious and clear consent.
-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf