draft-ietf-v6ops-unman-scenarios-02.txt
in today's iesg call, draft-ietf-v6ops-unman-scenarios-02.txt was
reviewed. there were two comments, one of which is written up now
and is appended. the other will be coming shortly.
i believe that these comments will need a new rev of the document.
randy
---
The Security Considerations of this document largely say that
security will be covered in a companion document, but there is a
short list of topics covered in this document. This list should
add one that is very important to the unmanaged scenarios (related
to the recommendation in Section 5.1.2):
    Security considerations are discussed as part of the
    applications' requirements. They include:
    - the guarantee that local applications are only used locally,
    - the protection of the privacy of clients
    - the requirement that peer-to-peer connections are only used
      by authorized peers.
Applications in the unmanaged scenarios also need to be protected
from risks associated with the transition tools, for example,
access to their net through an opportunistic tunnel if the
IPv6-over-UDP service is not well-designed. So I think that it
would be reasonable to add to Section 5.1.2 and to the Security
Considerations some statement about securing the recommended
tunneling approaches. Here's some suggested words for the
Security Considerations:
    - the requirement that tunneling protocols used for IPv6 access
      over IPv4 be designed for secure use; the related requirement
      that servers in the infrastructure supporting this
      tunneling be designed not to be vulnerable to abuse.
(Or something like that).
Nit:
    In practice, updating the DNS can be slow, which implies that
    server applications will have a better chance of being deployed
    if the IPv6 addresses remain stable for a long period.
Oversimplified operational statement. Does it belong in this
document?
-30-