--On Monday, 05 March, 2007 09:15 -0800 "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx> wrote:

>
>> From: Brian E Carpenter [mailto:brc@xxxxxxxxxxxxxx]
>
>> John,
>>
>> (after also reading Michael's response)
>>
>> I don't disagree. I think there is scope for writing a list
>> of desirable properties for SOHO routers in the light of
>> these various inputs. I'm less certain it can be done for
>> enterprise boundary routers. But it would be a tricky and
>> contentious job in both cases. Even draft-ietf-v6ops-nap took
>> many moons and several major editing passes, and it only
>> starts the work.
>
> SOHO is the one that won't get done otherwise. The enterprise
> folk have Gartner, Burton and the Jericho forum to express
> their list of requirements through (and the RFP process to put
> those requirements on the vendor product roadmaps).
>
> From the SOHO perspective I have been saying for years now
> that many of the problems we have with bots would be
> significantly reduced if SOHO routers and cable modems came
> configured with an outbound firewall by default.
>...

While I have disagreed with many of the other things Phillip has said in this thread, I am in complete agreement with this one and have taken much the same position for some time. Indeed, I have long suspected that the highest-leverage remedy for many spam and malware issues would start with considering ISPs who supply SOHO and, even more important, residential, connections without supplying or requiring such firewalls at the boundary to be liable for the damage that results. While an IETF Standard specifying the capabilities such a firewall should have and how it should be configured is neither necessary nor sufficient to hold ISPs to that level of accountability and liability, it would certainly be a very useful step to clearly establish the requirements and their importance.

While I don't think the IETF list is the right place to try to sort out Phillip's specific configuration suggestions, I note that none of the mass-market inexpensive devices sold as "Cable/DSL Routers" or firewalls (at least those I'm aware of) are even capable of being configured to do the type of outbound rate limiting that he suggests.

    john