Re: IPv6 woes - RFC

[Michael Thomas <mike () mtcc com>]

On 9/28/21 1:06 PM, Christopher Morrow wrote:
> On Tue, Sep 28, 2021 at 3:02 PM Randy Bush <randy () psg com 
> <mailto:randy () psg com>> wrote:
>
>     > Heh, NAT is not that evil after all. Do you expect that all the home
>     > people will get routable public IPs for all they toys inside house?
>
>     in ipv6 they can.  and it can have consequences, see
>
>         NATting Else Matters: Evaluating IPv6 Access Control Policies in
>         Residential Networks;
>         Karl Olson, Jack Wampler, Fan Shen, and Nolen Scaife
>
>     https://link.springer.com/content/pdf/10.1007%2F978-3-030-72582-2_22.pdf
>     <https://link.springer.com/content/pdf/10.1007%2F978-3-030-72582-2_22.pdf>
>
>     the ietf did not give guidance to cpe vendors to protect toys inside
>     your LAN
>
>
> guidance aside... 'Time To Market' (or "Minimum Viable Product - MVP!) 
> is likely to impact all of our security 'requirements'. :(
> I also thought 'homenet' (https://datatracker.ietf.org/wg/homenet 
> <https://datatracker.ietf.org/wg/homenet>) was supposed to have 
> provided the
> guidance you seek here?


What I wonder is which string the IETF has to push on to get CPE vendors 
to... anything.

Anecdotally, I've seen firewall controls on all of the CPE I've had and 
no IPv6 (at least commercially).

Mike