IPv6 Firewall on CPEs - Default on or off
Martin Millnert
martin at millnert.se
Tue Dec 4 12:57:21 CET 2012
Hi,
On Tue, 2012-12-04 at 11:21 +0000, Benedikt Stockebrand wrote:
> I like that analogy, but still it doesn't really hold at this point in
> time. Right now, people who don't understand any of the technese
> we're writing here do have a certain expectation on how "their
> Internet" works. Give it another two years or so that expectation has
> changed sufficiently to warrant an "all open" default setting, but
> right now I'd consider that a bad move.
I disagree with this. Or rather, I see two completely different things:
1) Customer keeps same CPE and does no change themselves. Changing
some feature can quite possibly cause customer feedback, but enabling
IPv6 without firewall may not be one of them.
2) Customer gets a new CPE for some reason (new customer at ISP,
changes CPE at same ISP): Here there are very few expectations on
"their" internet, because they just got a new one.
At least from Swedish expectations, where fixed ethernet to the home is
very common, there is extremely little expectation among people that the
outlet in the wall has some sort of firewall.
There may be a little bit more expectation that a "box" has some
firewall, but this also implies the expectation on a firewall is coupled
with a certain box. This is wide open for change now, especially with
new customers.
/M
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20121204/86eb6e8c/attachment.bin
More information about the ipv6-ops
mailing list