[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-multi6-multihoming-requirements-04.txt

To: Joe Abley <jabley@isc.org>
Subject: Re: I-D ACTION:draft-ietf-multi6-multihoming-requirements-04.txt
From: Brian E Carpenter <brian@hursley.ibm.com>
Date: Wed, 16 Apr 2003 16:55:04 +0200
Cc: multi6@ops.ietf.org
Organization: IBM
References: <E89B986A-7010-11D7-8CF7-00039312C852@isc.org>

Joe Abley wrote:
...
> >>
> >> 4. Security Considerations
> >>
> >>    A multihomed site should not be more vulnerable to security
> >> breaches
> >>    than a traditionally IPv4-multihomed site.
> >
> > Should we add "or a single-homed IPv6 site"?
> 
> Is that reasonable? Or does the addition of an entry-point to a
> single-homed site make it inherently more vulnerable, in some small way?
> 
> In response to some other private feedback, I also added the following
> sentence to the security section:
> 
>      <t>Any changes to routing practices made to accommodate multihomed
>        sites should not cause non-multihomed sites to become more
>        vulnerable to security breaches.</t>
> 
> Comments on that would be appreciated.

I think that is good. I'll certainly concede to you and Sean
on my own suggestion, but I fear we will get pushback from
the IESG if we produce a solution that does weaken security.

    Brian

Follow-Ups:
- Re: I-D ACTION:draft-ietf-multi6-multihoming-requirements-04.txt
  - From: Sean Doran <smd@ab.use.net>

References:
- Re: I-D ACTION:draft-ietf-multi6-multihoming-requirements-04.txt
  - From: Joe Abley <jabley@isc.org>

Prev by Date: Re: old GSE idea
Next by Date: Re: old GSE idea
Previous by thread: Re: I-D ACTION:draft-ietf-multi6-multihoming-requirements-04.txt
Next by thread: Re: I-D ACTION:draft-ietf-multi6-multihoming-requirements-04.txt
Index(es):
- Date
- Thread