Hi Stephen,
Please consider adding the following RFCs to the list.
RFC3756 IPv6 Neighbor Discovery (ND) Trust Models and Threats
RFC4890 Recommendations for Filtering ICMPv6 Messages in Firewalls
RFC4942 IPv6 Transition/Co-existence Security Considerations
RFC5157 IPv6 Implications for Network Scanning
Thanks
Suresh
On 11-06-13 07:09 PM, Stephen Farrell wrote:
All,
Thanks for the feedback on this liaison. Eliot (mostly)
and I (a bit) have tried to capture all that in the
text below. Please send any comments on that (with
specific alternative text) in the next week and then
we'll shoot it on to them.
RFC 3514 does have some words about IPv6 - should I
add that as a reference? :-)
Thanks,
Stephen.
From: IETF Security Area
To: Study Group 17, Questions 2 and 3
Title: Work on Security of IPv6
FOR ACTION
The IETF thanks Study Group 17 for its liaison LS-206 "Liaison on IPv6
security issues". As the world transitions to IPv6, new opportunities
and challenges and challenges arise. SG17's new focus on deployment and
implementation considerations reflects this reality. We would like to
bring to your attention the following work which we believe may prove a
useful basis for both X.ipv6-secguide and X.mgv6:
* RFC 4294 – "IPv6 Node Requirements" (N.B., this work is currently
under revision)
* draft-ietf-6man-node-req-bis (work in progress) – "IPv6 Node
Requirements RFC 4294-bis"
* RFC 4864 – "Local Network Protection for IPv6"
* RFC 6092 – "Recommended Simple Security Capabilities in Customer
Premise Equipment (CPE) for Providing Residential IPv6 Internet
Service"
* RFC 6105 – "IPv6 Router Advertisement Guard"
* RFC 6106 – "IPv6 Router Advertisement Options for DNS
Configuration", §7 in particular.
As you are aware, every RFC contains a Security Considerations section.
In developing either a implementation or deployment guide, contributors
are strongly encouraged to review the RFCs and Internet-Drafts that
support any underlying function.
In addition, we bring to your attention the following IETF Working
Groups that are working on security-related work of IPv6:
Working Group Purpose Mailing list address
Name
6man IPv6 Maintenance [email protected]
savi Source Address Validation [email protected]
Improvements
dhc Dynamic Host Configuration [email protected]
v6ops IPv6 Operations [email protected]
opsec Operational Security [email protected]
Capabilities for an IP
Network
In addition to the above working groups, the Security Area of the IETF
maintains a mailing list for general discussion, [email protected]. We
encourage and invite open and informal discussion in these or other
relevant IETF fora on this very important topic. As with all IETF
working groups, any and all interested parties can choose to directly
contribute via the mailing lists above.
As in other areas, the Security Area of the IETF invites SG17 to bring
any new-found concerns about IETF protocols to our attention so that as
and when we revise our documents we can make appropriate amendments to
IETF protocols. In particular, as this planned work matures, we would
welcome hearing about it in more detail, perhaps via an invited
presentation at a saag meeting or via review of draft documents as may
be appropriate.
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
