[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Requirements for IPv6 Firewalls
On Fri, Apr 18, 2014 at 2:32 PM, Simon Perreault <simon at per.reau.lt> wrote:
> Le 2014-04-18 14:20, William Herrin a ?crit :
>> That would either be a very short document or a document so
>> ideologically loaded that it has no technical utility. The Internet is
>> pretty resilient. There isn't much a firewall can do to break it.
>
> In IETF we routinely use the phrase "breaking the Internet" to mean
> something rather more limited than "breaking all of the Internet". There
> are tons of things firewalls can do, and some do today, that would be
> considered breaking the Internet.
>
> FYI, we had a similar document targeted at CGNs:
>
> http://tools.ietf.org/html/rfc6888
Excluding references and remarks RFC 6888 is 8 pages long with 15
total requirements. Short.
I'll let the firewall document's authors speak for themselves about
their document's purpose. In the abstract, they said: ''This has
typically been a problem for network operators, who typically have to
produce a "Request for Proposal" from scratch that describes such
features.''
That says, "discriminator for potential purchases" to me. What's your take?
I agree that a "don't break the Internet' firewall requirements
document could have utility. But that doesn't appear to be this
document. And if done well, such a document would be short just like
RFC 6888.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004