On Tue, Sep 28, 2021 at 3:02 PM Randy Bush <randy@psg.com> wrote:
> Heh, NAT is not that evil after all. Do you expect that all the home
> people will get routable public IPs for all they toys inside house?
in ipv6 they can. and it can have consequences, see
NATting Else Matters: Evaluating IPv6 Access Control Policies in
Residential Networks;
Karl Olson, Jack Wampler, Fan Shen, and Nolen Scaife
https://link.springer.com/content/pdf/10.1007%2F978-3-030-72582-2_22.pdf
the ietf did not give guidance to cpe vendors to protect toys inside
your LAN
guidance aside... 'Time To Market' (or "Minimum Viable Product - MVP!) is likely to impact all of our security 'requirements'. :(I also thought 'homenet' (https://datatracker.ietf.org/wg/homenet) was supposed to have provided theguidance you seek here?
What I wonder is which string the IETF has to push on to get CPE
vendors to... anything.
Anecdotally, I've seen firewall controls on all of the CPE I've had and no IPv6 (at least commercially).
Mike