[171125] in North American Network Operators' Group
Re: Requirements for IPv6 Firewalls
daemon@ATHENA.MIT.EDU (Lee Howard)
Fri Apr 18 18:11:00 2014
Date: Fri, 18 Apr 2014 18:10:26 -0400
From: Lee Howard <Lee@asgard.org>
To: William Herrin <bill@herrin.us>, Fernando Gont <fernando@gont.com.ar>
In-Reply-To: <CAP-guGV-NJEUaSRJPVfNGtdar5ABRkjEbEpqsaDU2Vq0B=rEBQ@mail.gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 4/17/14 11:51 AM, "William Herrin" <bill@herrin.us> wrote:
>
>Also, I note your draft is entitled "Requirements for IPv6 Enterprise
>Firewalls." Frankly, no "enterprise" firewall will be taken seriously
>without address-overloaded NAT. I realize that's a controversial
>statement in the IPv6 world but until you get past it you're basically
>wasting your time on a document which won't be useful to industry.

You've said this before, and it is still an absurdly over-broad statement.
Many security professionals have deployed enterprise firewalls to their
satisfaction without NAT-PT.

We had this debate, what, a month ago? Your position hasn't changed. No
new use cases have emerged. Are we done here?

Lee