On 9/28/21 1:06 PM, Christopher Morrow wrote:


On Tue, Sep 28, 2021 at 3:02 PM Randy Bush <randy@psg.com> wrote:
> Heh, NAT is not that evil after all. Do you expect that all the home
> people will get routable public IPs for all their toys inside the house?

in ipv6 they can.  and it can have consequences, see

    NATting Else Matters: Evaluating IPv6 Access Control Policies in
    Residential Networks;
    Karl Olson, Jack Wampler, Fan Shen, and Nolen Scaife

    https://link.springer.com/content/pdf/10.1007%2F978-3-030-72582-2_22.pdf

the ietf did not give guidance to cpe vendors to protect toys inside
your LAN


guidance aside... 'Time To Market' (or "Minimum Viable Product - MVP!") is likely to impact all of our security 'requirements'. :(
I also thought 'homenet' (https://datatracker.ietf.org/wg/homenet) was supposed to have provided the guidance you seek here?


What I wonder is which string the IETF has to push on to get CPE vendors to... anything.

Anecdotally, I've seen firewall controls on all of the CPE I've had and no IPv6 (at least commercially). 

Mike