[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D ACTION:draft-ietf-multi6-multihoming-requirements-04.txt
Joe Abley wrote:
...
> >>
> >> 4. Security Considerations
> >>
> >> A multihomed site should not be more vulnerable to security
> >> breaches
> >> than a traditionally IPv4-multihomed site.
> >
> > Should we add "or a single-homed IPv6 site"?
>
> Is that reasonable? Or does the addition of an entry-point to a
> single-homed site make it inherently more vulnerable, in some small way?
>
> In response to some other private feedback, I also added the following
> sentence to the security section:
>
> <t>Any changes to routing practices made to accommodate multihomed
> sites should not cause non-multihomed sites to become more
> vulnerable to security breaches.</t>
>
> Comments on that would be appreciated.
I think that is good. I'll certainly concede to you and Sean
on my own suggestion, but I fear we will get pushback from
the IESG if we produce a solution that does weaken security.
Brian