Re: FW: I-D ACTION:draft-ietf-v6ops-ent-scenarios-03.txt



Hi,

On Wed, 30 Jun 2004, Margaret Wasserman wrote:
> At 9:03 AM +0300 6/30/04, Pekka Savola wrote:
> >I don't think this addresses my personal comments.  The most important
> >of them, an applicability statement about a security defence network
> >(supported by Richard Graveman at least), hasn't been included.
> 
> I apologize, but I think I missed what you suggested for an 
> applicability statement for the Security Defense network...  Could 
> you summarize?

I did this on May 25, and Richard Graveman agreed.  A suggestion was 
adding a paragraph like:

    Note that these kinds of networks are uncommon and unfit to be a
    model or example for deployment for enterprises in general.  
    However, due to their importance to the vendor community, their
    requirements should be considered explicitly.

As you see, I'm not arguing that the example needs to be removed
(though I wouldn't object :), but that it's made crystal clear that
the example might not be a basis for *generalizing* how we would be
deploying IPv6 in enterprises because those security defence networks
*are* uncommon, and they likely won't share much with 99% of other
enterprises (which aren't defence/military networks).

Therefore, I'd not like to see a situation where someone could point
at the enterprise documents and say, "see, that's how they did it,
let's do so ourselves as well!" (even though the actual scenarios and
requirements would be entirely different).

> I believe that this scenario is an interesting and important scenario 
> to explore.  How will people who are running highly secure/mobile 
> networks today transition to IPv6?

If those networks have special characteristics applicable only for
military networks, let's just call them transitioning in military
networks, not highly secure (or mobile) networks :).  I see no problem
having an example describing military networks -- most countries have
one, so there should be some aggregation benefit here -- but it should
(IMHO) be clearly separated from the other kinds of enterprise
examples.

[...] 
> At least within the U.S. Department of Defense there has been some 
> resistance to deploying IPv6 on "operational" networks, because of 
> uncertainty about the security implications of doing so.  It would be 
> good for us to explore those implications, dispel any myths, and 
> close any holes that do exist.

This is possibly beyond the scope of the enterprise documents, but
hopefully the issues will rise during the process and they are written
up and pushed forward (e.g., a separate document about v6 myths or v6
security issues).

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings