From: Elwyn Davies <elwynd@dial.pipex.com>
Date: October 6, 2005 8:33:21 AM PDT
To: Fred Baker <fred@cisco.com>, Kurt Erik Lindqvist
<kurtis@kurtis.pp.se>
Subject: New version of security overview submitted
Hi.
I just submitted the new version of the security overview
addressing the second last call comments (mostly from Tim Chown).
I'll send a message to the list when it appears.
I don't know if you feel this needs yet another last call... one
section (4.1) got rewritten as a result of Tim's comments and there
are a number of other changes.
Regards,
Elwyn
The list of changes is:
02 -> 03
Couple of pieces of spelling converted from UK to US fulfil/tunnelling
Several instances of 'unrecognized' appear to have vanished
(probably while changing them from
unrecognised in the previous edit.
s2.1.4: s/an /an unrecognized / (2 instances in next to last para)
s2.1.8.3: s/items /items unrecognized /
s2.1.6: 2nd para: s/to for any future/for any future/
s2.1.11: s/IPv4 addresses/IPv4 link-local addresses/
s2.1.11.1: promoted to s2.1.12, renumber rest of s2.1 accordingly
s2.1.11.1: added note on possible DoS attacks due to malicious
deprecation of prefixes with and
without IPv6 Router Selection option. (Tim Chown)
Added new s2.1.13: Documenting security issues with Host-Router
Load Sharing (Tim Chown)
Old s2.1.12 (Mobile IP) is now 2.1.14.
s2.2: last sentence s/and/ and/
s3.3: Added extra paragraph and figure 1 at end suggesting routing
of traffic through IPv6 and
IPv4 firewalls with tunnel endpoint between them (Tim Chown)
s4.1: completely rewritten
s4.3: added additional example of DHCP servers for guessable addresses
s4.4: Added comment emphasising that multiaddressing is the norm
not the exception (Tim Chown)
s4.4: Added note that privacy addresses can only be disabled by
using full stateful DHCPv6 Tim Chown)
s4.5:s/in might/it might/
s4.7: Added reference to IPv6 Node Requirements draft (Tim Chown)
s4.6: s/stable/mature/ in first para (Tim Chown)
App A: Added comment that 3041 addresses can only be used behind
6to4 router if host is not to be reachable from elsewhere. (Tim Chown)
App B: Added reference to Network Architecture Protection draft
(Tim Chown)
App B.3: Added note that many users woudl like a static /48 so they
can host services. (Tim Chown)