Technical Summary
This document identifies a set of recommendations for the makers of
devices describing how to provide for "simple security" capabilities
at the perimeter of local-area IPv6 networks in Internet-enabled
homes and small offices.
Working Group Summary
The working group was divided on the concept of defining or recommending
the use of firewalls; as a result, this document is very explicitly a set
of recommendations for those that would choose to build or deploy a
firewall without making any recommendation on whether anyone should do
either. It describes a simple stateful firewall, permeable to traffic that
is secured using IPsec.
Document Quality
There is at least one deployed implementation of this firewall, and
expected to be others. The document clearly specifies a consensus set of
recommendations for such firewalls.
Personel
Fred Baker is shepherd.
RFC Editor Note
OLD TEXT:
REC-13:
By DEFAULT, Internet gateways SHOULD, automatically download
and install software updates for extending IPv6 simple security for
support of future standard upper layer transports and extension
headers.
NEW TEXT:
REC-13:
Residential Internet Gateways SHOULD provide a convenient means to
securely update their firmware, for the installation of security
patches and other manufacturer-recommended changes.
Vendors can expect users and operators to have differing viewpoints
on the maintenance of patches, with some preferring automated update
and some preferring manual initiation, and those preferring automated
update wanting to download from a vendor site or one managed by the
network operator. To handle the disparity, vendors are well advised
if they provide manual and automated options. In the automated case,
they would do well to facilitate pre-configuration of the download
URL and a means of validating the software image such as a certificate.