On 06/30/2011 02:26 AM, Keith Moore wrote:
> Rather than having another of an endless series of discussions about
> the merits of NAT or lack thereof, can we just agree that it should
> not be pre-ordained that this WG should assume NAT as a solution?

I was originally arguing, at the very least, in favour of a stateful
firewall at the border. Please correct me if I'm wrong, but this is what
the IETF has already proposed (output of v6ops) for v6.

I don't think you want your home network to be owned as a result of last
"patch Tuesday" set of vulnerabilities... or that you want a brittle
printer or fridge (possibly impossible to patch) to be DoSed/owned just
because it was cool to have it available on the Internet. (nor should we
expect them to run a "host-based" firewall).

Many/most networks are there to provide a specific service to their
users (not for us to experiment with) -- whether we like it or not. As
long as they are able to provide that service, I don't find a compelling
reason for them to increase risk through unnecessary increased exposure.
(Yes, in those cases in which you *need* increased exposure, you open
your network -- i.e., "default deny")

Thanks,
-- 
Fernando Gont
e-mail: fernando@xxxxxxxxxxx || fgont@xxxxxxx
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1