Pekka Savola wrote:
> On Thu, 27 May 2004, Brian E Carpenter wrote:
>
> > 12.0 Security Considerations
> >
> >   Local IPv6 addresses do not provide any inherent security to the
> >   nodes that use them.  They may be used with filters at site
> >   boundaries to keep Local IPv6 traffic inside of the site, but this is
> >   no more or less secure than filtering any other type of global IPv6
> >   unicast addresses.
> >
> > This is true, but it undersells the proposal, given the current state of
> > enterprise security models. Can we add:
> >
> > From a security viewpoint, such filtering is exactly equivalent to the
> > filtering of ambiguous IPv4 addresses [RFC1918] at a site boundary. Hosts
> > whose local addresses are filtered are invisible from outside the site. If
> > such a host needs, and is authorized to have, external access, it must do
> > so using an additional, globally routeable, IPv6 address.
>
> You have implicit assumptions about what you mean with 'external
> access'. Did you mean something like, "access by external
> [non-unique-local-addressed] users"? Because you will be able to access
> external hosts from the unique-local hosts through proxies etc.

I meant (see RFC 2775 :-) IP level transparent access from internal hosts to external servers, which many if not most corporate users are denied today. The proxy discussion is another matter. (I'm assuming that access to internal hosts from external servers will use a DMZ with global addresses, as today.)

But the practical details of this belong in v6ops. All I suggest we do here
is make IPv6 unique local addresses look attractive for security by
obscurity. Many of us here probably don't believe in security by obscurity,
but most corporate network managers do, and we need them on board.

   Brian
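
As an added illustration, not part of this thread or of the draft under discussion: a small Python model of the site-boundary filter the Security Considerations text describes, together with the "additional globally routeable address" rule from the proposed paragraph. It assumes the fc00::/7 unique local prefix, the 2000::/3 IPv6 global unicast range and the RFC 1918 IPv4 blocks; the packets and host address lists are constructed samples, not taken from the thread.

```python
import ipaddress

# Assumed prefixes (not quoted on the page): fc00::/7 is the unique local
# address block of the draft under discussion, 2000::/3 is the IPv6 global
# unicast range, and the three IPv4 blocks are the RFC 1918 ambiguous space
# that the proposed text compares site-boundary filtering to.
ULA = ipaddress.ip_network("fc00::/7")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_site_local(addr: str) -> bool:
    """True for an address that must not cross the site boundary:
    an IPv6 unique local address or an RFC 1918 IPv4 address."""
    a = ipaddress.ip_address(addr)
    if a.version == 6:
        return a in ULA
    return any(a in net for net in RFC1918)


def is_globally_routeable(addr: str) -> bool:
    """True for an address that may be used across the site boundary.
    For IPv4 this simplifies to 'not RFC 1918'; loopback, multicast and
    other special ranges are ignored in this model."""
    a = ipaddress.ip_address(addr)
    if a.version == 6:
        return a in GLOBAL_UNICAST
    return not is_site_local(addr)


def boundary_verdict(src: str, dst: str) -> str:
    """Filter decision for one packet crossing the site boundary, in either
    direction. A packet is dropped if either end is a site-local address,
    because such addresses are ambiguous outside the site. Everything else is
    forwarded, exactly as an RFC 1918 boundary filter would do for IPv4."""
    if is_site_local(src) or is_site_local(dst):
        return "drop"
    return "forward"


def choose_source(host_addrs, dst: str):
    """Simplified source selection for a host holding several addresses.
    Inside the site any same-family address works (the local one is
    preferred); an external destination is reachable only from a globally
    routeable address. None means the host cannot reach dst, which is the
    'invisible from outside the site' case of the proposed text."""
    d = ipaddress.ip_address(dst)
    candidates = [a for a in host_addrs
                  if ipaddress.ip_address(a).version == d.version]
    if is_site_local(dst):
        local = [a for a in candidates if is_site_local(a)]
        return (local or candidates or [None])[0]
    for a in candidates:
        if is_globally_routeable(a):
            return a
    return None


# Constructed sample flows seen at the boundary router (src, dst).
SAMPLE_FLOWS = [
    ("fd12:3456:789a::1", "2001:db8::1"),      # ULA-only host -> outside: dropped
    ("2001:db8:1::10", "2001:db8:2::20"),      # global -> global: forwarded
    ("198.51.100.7", "192.168.1.5"),           # outside -> RFC 1918 host: dropped
]


def filter_flows(flows):
    """Apply the boundary filter to a list of (src, dst) pairs."""
    return [(src, dst, boundary_verdict(src, dst)) for src, dst in flows]


if __name__ == "__main__":
    for src, dst, verdict in filter_flows(SAMPLE_FLOWS):
        print(f"{src:>20} -> {dst:<20} {verdict}")
    # A host with only a ULA cannot reach the outside; adding a global
    # address is what makes external access possible.
    print(choose_source(["fd12:3456:789a::1"], "2001:db8::1"))
    print(choose_source(["fd12:3456:789a::1", "2001:db8:1::10"], "2001:db8::1"))
```

The model makes the point of the proposed paragraph concrete: a host that holds only a unique local address has no source address that survives the boundary filter, so it is unreachable from outside in either direction, and the only way to give it external access at the IP level is to configure an additional global address on it.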

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
