comment on: draft-ietf-v6ops-unman-scenarios-00.txt
I have several comments on draft-ietf-v6ops-unman-scenarios-00.txt.
Some minor ones and a major one; let me start with the latter:
Security.
In IPv4+NAT, incoming connections are blocked unless someone configured
port forwarding. It means that a highly insecure host in the unmanaged
network has some degree of protection from the outside.
Not perfect, but at least it raises the bar a little. For example, I can
have an unconfigured network printer that is fully open, or not worry
too much about a potential security hole in the file server.
If IPv6 is turned on, in any of the described scenarios A-D, all of a
sudden all ports on all addresses become reachable from the outside.
This is actually the benefit of IPv6, but it comes with a price:
my insecure hosts become more vulnerable, as they are now directly
exposed, and in my example, anybody can print on my network printer.
Security through obscurity helps a little here, as the IPv6 address of
my printer will be hard to guess. However, in the peer-to-peer example
described in the draft, the IPv6 address of the host gets published
so your peers can reach you. But what if there are services running
on the same host that are, let's say, not as robust as they should be?
Maybe the peer-to-peer application is 'safe' but the 'backdoor' in the
file server has not been properly fixed...
This problem has different repercussions depending on which scenario
you're in:
In scenario A, tunneling IPv6 over UDP to bypass the NAT/Firewall
creates a security breach. I understand this is the unmanaged case,
but if those techniques are applied in the enterprise (managed or
unmanaged), this can have serious consequences.
In scenarios B, C & D, the CPE MUST implement an IPv6 firewall,
and make this one easy to administer in this unmanaged scenario ;-)
- Alain.
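As an added illustration (not part of Alain's message or of the draft), this is what the "IPv6 firewall on the CPE" he asks for looks like as an nftables ruleset: a forward filter that recreates the NAT behaviour he describes (inbound blocked unless a connection was opened from inside, or an administrator explicitly exposed a service) without translating addresses. Interface names wan0/lan0 and the 2001:db8:1:2::50 host are assumptions for the example; the one thing that must not be copied from an IPv4 mindset is dropping all ICMPv6, since Packet Too Big and the other error types are required for IPv6 to work at all.

```nft
#!/usr/sbin/nft -f
# Added example: default-deny IPv6 forward filter for a CPE.
# Interface names and addresses are placeholders (assumed, not from the draft).
flush ruleset

table ip6 cpe {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections opened from the LAN passes,
        # which is the only inbound traffic NAT lets through by default.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 that LAN hosts need even with inbound blocked: PMTUD and
        # error reporting (RFC 4890). Neighbor Discovery is link-local and
        # never reaches the forward hook, so it needs no rule here.
        # echo-request is optional; drop it to keep hosts quieter.
        iifname "wan0" icmpv6 type {
            destination-unreachable, packet-too-big,
            time-exceeded, parameter-problem, echo-request
        } accept

        # Everything originated on the LAN may leave.
        iifname "lan0" oifname "wan0" accept

        # The IPv6 equivalent of a configured "port forward": one service on
        # one host is exposed on purpose. Hypothetical address and port.
        iifname "wan0" ip6 daddr 2001:db8:1:2::50 tcp dport 22 ct state new accept

        # Everything else from the WAN, e.g. TCP/9100 to the open printer or
        # the unpatched file server, is dropped even though the hosts have
        # globally routable addresses.
        iifname "wan0" counter drop
    }
}
```

Load it with `nft -f <file>`; `nft -c -f <file>` parses it without applying. The explicit allow rule is the part that needs the "easy to administer" UI the message asks for, since without one the unmanaged user's only alternatives are the default (everything blocked, peer-to-peer breaks) or switching the filter off (everything exposed).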