security considerations comments on draft-ietf-v6ops-unmaneval-00.txt (fwd)
- To: v6ops@ops.ietf.org
- Subject: security considerations comments on draft-ietf-v6ops-unmaneval-00.txt (fwd)
- From: Pekka Savola <pekkas@netcore.fi>
- Date: Mon, 1 Mar 2004 00:16:37 +0200 (EET)
I do not believe these were addressed in the revision.
---------- Forwarded message ----------
Date: Tue, 15 Jul 2003 10:53:02 -0400
From: Bill Sommerfeld <sommerfeld@east.sun.com>
To: v6ops@ops.ietf.org
Subject: security considerations comments on draft-ietf-v6ops-unmaneval-00.txt
1) section 4.3: tunnel-related security considerations really apply to
all four scenarios; while it is less likely that tunnels will
be used in the other scenarios, it's not impossible.
suggested edit: pull the meat of section 4.3 into the main security
considerations section and make it clearly applicable to any situation
where tunnels are in use.
2) section 2.2:
On dual-stack nodes, similar security policy should be applied
to ipv4 and ipv6 communications; if strict policy is applied
only to v6 traffic, this will provide no additional security
(as the node will likely still be vulnerable through the v4
side). As a non-security matter, migration to v6 will be
discouraged if common apps work over v4 but fail over v6.
suggested edit: replace last sentence of 2.2 with:
Security policy which prevents use of v6 while allowing v4 will
discourage migration to v6 without significantly improving
security. Developers and administrators should make sure that
global Internet connectivity through either IPv4 or IPv6 is
restricted to only those applications that are expressly designed
for global Internet connectivity.
- Bill