Submission of draft-ietf-v6ops-scanning-implications as informational
(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?
I am the document shepherd, and I believe that this is ready for
publication.
(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?
The Acknowledgments section notes a number of direct contributors:
Thanks are due to people in the 6NET project (www.6net.org) for
discussion of this topic, including Pekka Savola, Christian Strauf
and Martin Dunmore, as well as other contributors from the IETF v6ops
and other mailing lists, including Tony Finch, David Malone, Bernie
Volz, Fred Baker, Andrew Sullivan, Tony Hain, Dave Thaler and Alex
Petrescu.
In addition, there was some discussion on the list and in the working
group, mostly in review.
(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization, or XML?
No, I don't think it needs to have further review.
(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.
In truth, I think the biggest value of the document is in debunking
some of the marketing concerning IPv6. The statement has been made
for some time that IPv6 is inherently more secure than IPv4 because
IPsec is an interior header rather than a sub-layer between IP and
its transport, and that the larger address space makes network
scanning an inefficient attack. In fact, the additional security of
IPv6 is debatable - there are other ways to scan a network, such as
sending a ping to the local broadcast address, and other ways to find
the systems on a LAN without directly sending a message to any of
them. The draft makes what I consider a fairly objective review of
the tactics that attackers and defenders might use and gives
practical advice intended to help operational staff ensure the
security of their networks.
(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?
As noted, there have been a number of reviewers and participants,
mostly one-on-one with the author. Working group review has reflected
a perception that the document is done and waiting for the IETF
process to push it out.
(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarize the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)
Not to my knowledge.
(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/.) Boilerplate checks are
not enough; this check needs to be thorough.
Yes, and it passes those checks.
The result of the idnits tool is as follows:
idnits 2.04.09
tmp/draft-ietf-v6ops-scanning-implications-03.txt:
Checking boilerplate required by RFC 3978 and 3979, updated by RFC
4748:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to http://www.ietf.org/ietf/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to http://www.ietf.org/ID-Checklist.html:
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
No issues found here.
Checking references for intended status: Informational
----------------------------------------------------------------------------
No issues found here.
No nits found.
--------------------------------------------------------------------------------
(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].
The references have been split, in the sense that they are all
considered "informative". There are no "normative" references.
(1.i) Has the Document Shepherd verified that the document's IANA
Considerations section exists and is consistent with the body
of the document?
There are no IANA considerations for this document, and the IANA
considerations section says that.
(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?
There are no such sections.
(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up. Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:
Technical Summary
The 128 bits of IPv6 address space is considerably bigger than the 32
bits of address space of IPv4. In particular, the IPv6 subnets to
which hosts attach will by default have 64 bits of host address
space. As a result, traditional methods of remote TCP or UDP network
scanning to discover open or running services on a host will
potentially become less feasible, due to the larger search space in
the subnet. In addition automated attacks, such as those performed by
network worms, that pick random host addresses to propagate to, may
be hampered. This document discusses this property of IPv6 and
describes related issues for IPv6 site network administrators to
consider, which may be of importance when planning site address
allocation and management strategies. While traditional network
scanning probes (whether by individuals or automated via network
worms) may become less common, administrators should be aware of
other methods attackers may use to discover IPv6 addresses on a
target network, and also be aware of appropriate measures to mitigate
them.
Working Group Summary
The working group process was uneventful.
Document Quality
The document addresses the widespread practice in IPv4 of scanning a
network to detect the presence of hosts, how hosts might be detected
in an IPv6 network, and how an administration might defend against
those attacks. The working group generally believes that it will be
helpful to an IPv6 network administration.
Personnel
The Document Shepherd is Fred Baker. Ron Bonica is He Who Is
Responsible.