I see GTSM lightly mentioned here: "4.1. BGP
The threats and mitigation techniques are identical between IPv4 and IPv6. Broadly speaking they are: o Authenticating the TCP session; o TTL security (which becomes hop-limit security in IPv6); o Prefix Filtering. These are explained in more detail in section Section 2.5." But 2.5 doesn't talk to hop limit or GTSM at all. if (initial_ttl!=255) then (rfc5082_compliant==0) [email protected] ________________________________________ From: OPSEC [[email protected]] on behalf of [email protected] [[email protected]] Sent: Monday, March 11, 2019 3:23 PM To: [email protected] Cc: [email protected] Subject: [OPSEC] I-D Action: draft-ietf-opsec-v6-16.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF. Title : Operational Security Considerations for IPv6 Networks Authors : Eric Vyncke Kiran K. Chittimaneni Merike Kaeo Enno Rey Filename : draft-ietf-opsec-v6-16.txt Pages : 50 Date : 2019-03-11 Abstract: Knowledge and experience on how to operate IPv4 securely is available: whether it is the Internet or an enterprise internal network. However, IPv6 presents some new security challenges. RFC 4942 describes the security issues in the protocol but network managers also need a more practical, operations-minded document to enumerate advantages and/or disadvantages of certain choices. This document analyzes the operational security issues in several places of a network (enterprises, service providers and residential users) and proposes technical and procedural mitigations techniques. Some very specific place of a network such as Internet of Things are not discussed in this document. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-opsec-v6-16 https://datatracker.ietf.org/doc/html/draft-ietf-opsec-v6-16 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-16 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments. _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
