[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: drafty IPv6 security overview draft submitted

To: "Pekka Savola" <pekkas@netcore.fi>
Subject: RE: drafty IPv6 security overview draft submitted
From: "BELOEIL Luc FTRD/DMI/CAE" <luc.beloeil@rd.francetelecom.com>
Date: Fri, 4 Jul 2003 10:28:22 +0200
Cc: <v6ops@ops.ietf.org>,"BAUDOT Alain FTRD/DMI/CAE" <alain.baudot@rd.francetelecom.com>

Hi all, 

I took a look at your paper a few weeks ago, but did not take time to
answer. I do think that such a paper is really usefull!

I have no comment on the structure only on the ideas...

- Section 2 Increased end-to-end Transparency:

I do think that is really important, most of entreprise network managers
I meet are really concerned about that point !

- Section 5 : IPv6 Service Piloting Done Insecurely

I did not understand your point about personal firewall and entreprise
firewall when you write that those firewalls "are often expected to also
become IPv6-capable (even tough this is not really necessary)". Could
you explain ?

- Section 9 : Operational Factors

Your point concerning "IPv6 processing may not happen at (near) line
speed ..." does not concern security but availability ? Or do you have
in mind DoS attack ?

my 0,02 %
Luc


-----Message d'origine-----
De : BAUDOT Alain FTRD/DMI/CAE 
Envoye : lundi 23 juin 2003 17:29
A : Pekka Savola; v6ops@ops.ietf.org
Objet : RE: drafty IPv6 security overview draft submitted


Hi Pekka,

I think it is very valuable to point out such concrete and operational
issues, one may face thinking about how to deploy IPv6 securely and
safely (without disrupting existing services), as well.  
It seems actually that there 3 types of issues : issues due to the
protocol itself, issues due to transition/co-existence tools, and issues
due to the deployement that may be adopted. And I guess each type of
issue should have specic kind of answer.

Regards,
Alain.

> -----Message d'origine-----
> De : Pekka Savola [mailto:pekkas@netcore.fi]
> Envoye : vendredi 20 juin 2003 10:33
> A : v6ops@ops.ietf.org
> Objet : drafty IPv6 security overview draft submitted
> 
> 
> Hello all,
> 
> I just submitted a draft on IPv6 security overview.  It's quite raw 
> and badly structured, but I ran out of time (and I'm off for a few 
> days, back on Wednesday or so).
> 
> I've tried to describe at least briefly all the aspects 
> relating to IPv6 
> and IPv6 transition/co-existence I could quickly think of.  
> This could be 
> one basis for the security discussion in Vienna.
> 
> Please have a look at it at some point and send feedback.
> 
> Prior to it being formally posted, it can be read from:
> 
> http://www.netcore.fi/pekkas/ietf/draft-savola-v6ops-security-
overview-00.txt

Abstract

   The transition/co-existance from IPv4 to IPv4/IPv6 causes one to
   consider the security considerations of such a process.  In this
   memo, I try to give an overview of different aspects relating to
   IPv6: the notion of increased end-to-end transparency, implications
   of tunneling, the use of IPv4-mapped addresses, the considerations of
   IPv6 service piloting without firewalls, IPv6 protocol-specific
   issues, IPv6 transition/co-existence mechanism -specific issues,
   consequences of enabling IPv6 by default, and operational security
   issues when enabling IPv6 in the network infrastructure.


It's only about 8 pages or so :-)

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Follow-Ups:
- RE: drafty IPv6 security overview draft submitted
  - From: Pekka Savola <pekkas@netcore.fi>

Prev by Date: I-D ACTION:draft-ietf-v6ops-ipv4survey-trans-01.txt
Next by Date: RE: drafty IPv6 security overview draft submitted
Previous by thread: RE: drafty IPv6 security overview draft submitted
Next by thread: RE: drafty IPv6 security overview draft submitted
Index(es):
- Date
- Thread