Keith Moore wrote:
> > Perimeter security of some kind is probably appropriate.

Not just appropriate, it is an indispensable prerequisite.

> > That doesn't mean that it has to look like firewalls do today.

Not necessarily. But any sensible security requirements, and primarily the requirement of the smallest possible attack surface, amount to it. If it has to walk like a duck and quack like a duck, just use a duck instead of trying to retrain a goat.

> > For one thing, users shouldn't have to muck with the details of
> > which ports to allow.

_Unless_ they want to make a service accessible to the internet with software produced by folks or companies which prioritize features and merchantability far over security, quality and robustness -- which is to say 99.999% of the available software.

> > And the idea that every application server on a home network needs
> > to negotiate access through some application-specific external server
> > (as is generally the case with NATs today) is also ridiculous.

No, it is a simple technical problem that can be solved with a few lines of extra code for those few applications where it actually matters. Just as democracy is the worst form of government except all the others that have been tried (attributed to Winston Churchill).

Home networks should ALWAYS be NATed to the internet, so that it is not possible to provide a simple policy switch to make everything on the home network fully accessible from the internet, because any such switch will inevitably be abused much more often by the bad, poor novices and ignorant than sensibly employed by the needy and security-conscious.

Black-listing doesn't provide security, it always amounts to obscurity and security theater. Anything other than whitelisting is irresponsible security-wise. And dynamic whitelisting (the motivation behind NAT-PMP) is even better.

Privacy is another issue.

The current custom here in Germany is that the external IP address on your home gateway is dynamically assigned; it changes on every new assignment, i.e. when the DSL connection is reestablished after a carrier loss or cable disconnect, whenever you ask your DSL router for it, and at least once every 24 hours. While this does not provide perfect privacy protection, it is a good start. For many internet usage scenarios, the use of a long-term static IP address for home users would be completely irresponsible with respect to data privacy, and would likely make any logging of client IP addresses on servers unconditionally illegal in European countries.

With respect to privacy, anything besides strictly voluntary, well-informed opt-in and anytime easy opt-out again is a non-starter. No application, unless it absolutely, positively and unavoidably needs to, should use a fixed/static address without the affected folks having provided conscious and clear consent.

-Martin

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
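The "dynamic whitelisting" the message credits to NAT-PMP, shown as an added example that is not part of the original thread nor of any IETF document: the RFC 6886 encodings of a port-mapping request and response, plus a constructed model of the gateway side. The DynamicWhitelist class, the host addresses, ports and time values are all assumptions chosen for illustration (a real gateway would also persist state, rate-limit and so on); what the model shows is that an inside host is reachable only while a mapping it asked for is alive, that the mapping vanishes unless renewed, and that lifetime 0 closes it at once.

```python
"""NAT-PMP (RFC 6886) port-mapping messages and the dynamic whitelist they implement:
nothing inside is reachable from the internet unless an inside host asked for a
mapping, and every mapping expires unless the host renews it.

Added example for this thread, not code from the original message.
DynamicWhitelist is a constructed gateway model for illustration, not a real router.
"""
import struct

NATPMP_VERSION = 0
OP_MAP_UDP, OP_MAP_TCP = 1, 2
RESULT_SUCCESS, RESULT_UNSUPPORTED_VERSION = 0, 1
RESULT_NOT_AUTHORIZED, RESULT_UNSUPPORTED_OPCODE = 2, 5
RECOMMENDED_LIFETIME = 7200  # seconds; the default RFC 6886 suggests clients ask for

REQ_FMT = "!BBHHHI"    # version, opcode, reserved, internal port, suggested external port, lifetime
RESP_FMT = "!BBHIHHI"  # version, opcode|128, result, seconds since start of epoch, int port, ext port, lifetime


def build_map_request(proto_op, internal_port, external_port=0, lifetime=RECOMMENDED_LIFETIME):
    """Client side: encode a 12-byte mapping request. lifetime=0 asks for deletion."""
    if proto_op not in (OP_MAP_UDP, OP_MAP_TCP):
        raise ValueError("opcode must be 1 (UDP) or 2 (TCP)")
    return struct.pack(REQ_FMT, NATPMP_VERSION, proto_op, 0, internal_port, external_port, lifetime)


def parse_map_response(data):
    """Client side: decode the 16-byte mapping response; reject anything that is not
    a NAT-PMP response (wrong version, or opcode without the response bit 0x80 set)."""
    if len(data) < struct.calcsize(RESP_FMT):
        raise ValueError("short NAT-PMP response")
    ver, op, result, sssoe, iport, eport, lifetime = struct.unpack(RESP_FMT, data[:16])
    if ver != NATPMP_VERSION or not op & 0x80:
        raise ValueError("not a NAT-PMP response")
    return {"opcode": op & 0x7F, "result": result, "epoch": sssoe,
            "internal_port": iport, "external_port": eport, "lifetime": lifetime}


class DynamicWhitelist:
    """Constructed gateway model (assumption, not RFC text). Table maps
    (proto, external port) -> (inside host, internal port, expiry time).
    Time is passed in explicitly so the expiry behaviour can be followed step by step."""

    def __init__(self, mapping_enabled=True):
        self.mapping_enabled = mapping_enabled  # False models a gateway with mapping switched off
        self._table = {}

    def _expire(self, now):
        for key in [k for k, v in self._table.items() if v[2] <= now]:
            del self._table[key]

    def _response(self, op, result, now, iport, eport, lifetime):
        return struct.pack(RESP_FMT, NATPMP_VERSION, op | 0x80, result, int(now), iport, eport, lifetime)

    def handle_request(self, host, request, now):
        ver, op, _, iport, eport, lifetime = struct.unpack(REQ_FMT, request)
        if ver != NATPMP_VERSION:
            return self._response(op, RESULT_UNSUPPORTED_VERSION, now, iport, 0, 0)
        if op not in (OP_MAP_UDP, OP_MAP_TCP):
            return self._response(op, RESULT_UNSUPPORTED_OPCODE, now, iport, 0, 0)
        if not self.mapping_enabled:
            return self._response(op, RESULT_NOT_AUTHORIZED, now, iport, 0, 0)
        self._expire(now)
        if lifetime == 0:
            # Deletion: only mappings this host created for this internal port go away
            for key, (h, ip, _) in list(self._table.items()):
                if key[0] == op and h == host and ip == iport:
                    del self._table[key]
            return self._response(op, RESULT_SUCCESS, now, iport, 0, 0)
        ext = eport or iport
        # The suggested external port is only a hint: if another host holds it, hand out the next free one
        while (op, ext) in self._table and self._table[(op, ext)][0] != host:
            ext = ext % 65535 + 1
        self._table[(op, ext)] = (host, iport, now + lifetime)
        return self._response(op, RESULT_SUCCESS, now, iport, ext, lifetime)

    def inbound_target(self, proto_op, external_port, now):
        """Where an unsolicited inbound packet would land: (host, port), or None (dropped)."""
        self._expire(now)
        entry = self._table.get((proto_op, external_port))
        return (entry[0], entry[1]) if entry else None


def demo():
    """Walk one mapping through its life; all hosts, ports and times are constructed."""
    gw = DynamicWhitelist()
    host = "192.168.1.10"
    # t=100: an inside web server asks for TCP 8080 for 60 seconds.
    resp = parse_map_response(gw.handle_request(host, build_map_request(OP_MAP_TCP, 8080, lifetime=60), now=100))
    ext = resp["external_port"]
    reachable = gw.inbound_target(OP_MAP_TCP, ext, now=150)   # inside the lifetime: reachable
    # t=150: renewing before expiry extends the mapping to t=210.
    gw.handle_request(host, build_map_request(OP_MAP_TCP, 8080, lifetime=60), now=150)
    renewed = gw.inbound_target(OP_MAP_TCP, ext, now=200)     # still mapped
    expired = gw.inbound_target(OP_MAP_TCP, ext, now=210)     # no further renewal: hole closed
    # An explicit lifetime=0 closes the hole immediately instead of waiting for expiry.
    gw.handle_request(host, build_map_request(OP_MAP_TCP, 8080, lifetime=60), now=300)
    gw.handle_request(host, build_map_request(OP_MAP_TCP, 8080, lifetime=0), now=301)
    deleted = gw.inbound_target(OP_MAP_TCP, ext, now=302)
    return resp, reachable, renewed, expired, deleted


if __name__ == "__main__":
    print(demo())
```

The contrast with the "policy switch" the message objects to is the table: it starts empty, every entry names the inside host that asked for it, and nothing survives without an active renewer, so a forgotten service does not stay exposed the way a static port-forward rule would.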