
Re: draft-ietf-v6ops-unman-scenarios-02.txt



i have lost who had the second comment!  help!

randy

---

From: Pekka Savola <pekkas@netcore.fi>
To: Randy Bush <randy@psg.com>
cc: mrw@windriver.com, <bob@thefinks.com>
Subject: Re: draft-ietf-v6ops-unman-scenarios-02.txt
Date: Wed, 9 Jul 2003 12:47:11 +0300 (EEST)

Hi,

Has there been progress with the write-up of the second comment?

Thanks

On Thu, 26 Jun 2003, Randy Bush wrote:
> in today's iesg call, draft-ietf-v6ops-unman-scenarios-02.txt was
> reviewed.  there were two comments, one of which is written up now
> and is appended.  the other will be coming shortly.
> 
> i believe that these comments will need a new rev of the document.
> 
> randy
> 
> ---
> 
> The Security Considerations of this document largely say that
> security will be covered in a companion document, but there is a
> short list of topics covered in this document.  This list should
> add one that is very important to the unmanaged scenarios (related
> to the recommendation in Section 5.1.2):
> 
> 
>    Security considerations are discussed as part of the
>    applications' requirements. They include:
>    
>    - the guarantee that local applications are only used locally,
>    - the protection of the privacy of clients
>    - the requirement that peer-to-peer connections are only used
>      by authorized peers.
> 
> Applications in the unmanaged scenarios also need to be protected
> from risks associated with the transition tools, for example,
> access to their net through an opportunistic tunnel if the
> IPv6-over-UDP service is not well-designed.  So I think that it
> would be reasonable to add to Section 5.1.2 and to the Security
> Considerations some statement about securing the recommended
> tunneling approaches.  Here's some suggested words for the
> Security Considerations:
> 
>    - the requirement that tunneling protocols used for IPv6 access
>      over IPv4 be designed for secure use; the related requirement
>      that servers in the infrastructure supporting this
>      tunneling be designed not to be vulnerable to abuse.
> 
> (Or something like that). 
> 
> Nit:
> 
>    In practice, updating the DNS can be slow, which implies that
>    server applications will have a better chance of being deployed
>    if the IPv6 addresses remain stable for a long period.
> 
> Oversimplified operational statement.  Does it belong in this
> document?
> 
> -30-
> 
> 

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

------- end of forwarded message -------