RE: drafty IPv6 security overview draft submitted

[Pekka Savola <pekkas@netcore.fi>]

Hi,

Thanks for your comments.

On Fri, 4 Jul 2003, BELOEIL Luc FTRD/DMI/CAE wrote:
> - Section 5 : IPv6 Service Piloting Done Insecurely
> 
> I did not understand your point about personal firewall and entreprise
> firewall when you write that those firewalls "are often expected to also
> become IPv6-capable (even tough this is not really necessary)". Could
> you explain ?

Sorry, I left out too much text apparently.

The point is that IPv4 access can go through one firewall, and IPv6 access 
through some other firewall.  They don't need to be one and the same, and 
neither does their software need to be the same.
 
> - Section 9 : Operational Factors
> 
> Your point concerning "IPv6 processing may not happen at (near) line
> speed ..." does not concern security but availability ? Or do you have
> in mind DoS attack ?

Yes, this is more of an availability issue (which is part of security).  
It can also be used as a DoS attack.

The bottom line is, if people don't feel confident enough in the IPv6 
support, they really can't enable it (especially in the dual-stack 
networks, where IPv4 is "production").

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings