[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New I-D: Teredo Security Concerns Beyond What Is In RFC 4380

To: v6 ops <v6ops@ops.ietf.org>
Subject: Re: New I-D: Teredo Security Concerns Beyond What Is In RFC 4380
From: Jim Hoagland <jim_hoagland@symantec.com>
Date: Thu, 14 Jun 2007 08:24:39 -0700
In-reply-to: <200706042243.22563@auguste.remlab.net>
User-agent: Microsoft-Entourage/11.3.3.061214

On 6/4/07 12:43 PM, "Rémi Denis-Courmont" <rdenis@simphalempin.com> wrote:

> Inspection would only make sense if you wanted to partially allow IPv6
> traffic through Teredo, but I think we have consensus that Teredo must
> not be used in managed networks instead of native IPv6 (or ISATAP by
> default), so deep inspection is indeed really useless here, and there
> is no need to upgrade the firewalling software either.

If there is consensus that Teredo should not be used in managed networks
then IMHO that should be stated publicly, since people may not realize the
security implications.  The reasonable use cases for Teredo aren't mentioned
in the RFC at all.

Do people have any comments on other parts of the I-D?

Incidentally, I am going to be talking about Vista networking and Teredo at
the Black Hat security conference on Aug 2.  I'd welcome your thoughts as to
what you think the take-away message should be regarding Teredo security
implications.

-- Jim

References:
- Re: New I-D: Teredo Security Concerns Beyond What Is In RFC 4380
  - From: Rémi Denis-Courmont <rdenis@simphalempin.com>

Prev by Date: IPv6 Deployment Panel at ICANN San Juan meeting
Next by Date: Re: IPv6 Deployment Panel at ICANN San Juan meeting
Previous by thread: Re: New I-D: Teredo Security Concerns Beyond What Is In RFC 4380
Next by thread: Edits to Teredo Security concerns
Index(es):
- Date
- Thread