Re: draft-ietf-v6ops-unman-scenarios-02.txt
- To: iesg <iesg@ietf.org>
- Subject: Re: draft-ietf-v6ops-unman-scenarios-02.txt
- From: Randy Bush <randy@psg.com>
- Date: Wed, 9 Jul 2003 17:01:11 +0200
i have lost who had the second comment! help!
randy
---
From: Pekka Savola <pekkas@netcore.fi>
To: Randy Bush <randy@psg.com>
cc: mrw@windriver.com, <bob@thefinks.com>
Subject: Re: draft-ietf-v6ops-unman-scenarios-02.txt
Date: Wed, 9 Jul 2003 12:47:11 +0300 (EEST)
Hi,
Has there been progress with the write-up of the second comment?
Thanks
On Thu, 26 Jun 2003, Randy Bush wrote:
> in today's iesg call, draft-ietf-v6ops-unman-scenarios-02.txt was
> reviewed. there were two comments, one of which is written up now
> and is appended. the other will be coming shortly.
>
> i believe that these comments will need a new rev of the document.
>
> randy
>
> ---
>
> The Security Considerations of this document largely say that
> security will be covered in a companion document, but there is a
> short list of topics covered in this document. This list should
> add one that is very important to the unmanaged scenarios (related
> to the recommendation in Section 5.1.2):
>
>
> Security considerations are discussed as part of the
> applications' requirements. They include:
>
> - the guarantee that local applications are only used locally,
> - the protection of the privacy of clients
> - the requirement that peer-to-peer connections are only used
> by authorized peers.
>
> Applications in the unmanaged scenarios also need to be protected
> from risks associated with the transition tools, for example,
> access to their net through an opportunistic tunnel if the
> IPv6-over-UDP service is not well-designed. So I think that it
> would be reasonable to add to Section 5.1.2 and to the Security
> Considerations some statement about securing the recommended
> tunneling approaches. Here's some suggested words for the
> Security Considerations:
>
> - the requirement that tunneling protocols used for IPv6 access
> over IPv4 be designed for secure use; the related requirement
> that servers in the infrastructure supporting this
> tunneling be designed not to be vulnerable to abuse.
>
> (Or something like that).
>
> Nit:
>
> In practice, updating the DNS can be slow, which implies that
> server applications will have a better chance of being deployed
> if the IPv6 addresses remain stable for a long period.
>
> Oversimplified operational statement. Does it belong in this
> document?
>
> -30-
>
>
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds." -- George R.R. Martin: A Clash of Kings
------- end of forwarded message -------