Folks, We have published a new I-D on "Requirements for IPv6 Firewalls"
The I-D is available at: <http://tools.ietf.org/html/draft-gont-opsec-ipv6-firewall-reqs-00> The goals of this first (and drafty) version of the document are as follows: 1) Agree on a rationale to write this spec. For example, one possible rationale is "aim at providing parity of features with IPv4". Another one could be that "should should aim a little higher". For example, in the light of draft-farrell-perpass-attack we may aim at requiring some confidentiality features that might not be that common in IPv4 firewalls. 2) Expose different aspects of firewalls that we may want to standardize. High-level feedback along the lines of "this other aspect is missing, and should be added" or "we probably should not address this or that other aspect" are very valuable. 3) Discussion of concrete requirements. Here the feedback would be in the form of "This or that requirement is missing", "this or that requirement doesn't make sense and should be eliminated", etc. And for each of those that we keep in, arguments in favor of "mandatory", "recommended", or "optional" (i.e., what the level of each requirement should be). It would be great if you could post any feedback on the opsec wg mailing-list (Instructions here: <https://www.ietf.org/mailman/listinfo/opsec>). But in any case feel free to discuss this document on this list (ipv6-ops) while CC'ing <draft-gont-opsec-ipv6-firewall-r...@tools.ietf.org>. P.S.: Regardless of what we end up doing with this I-D, etc., I think the brainstorming would be fruitful. :-) Thanks! Best regards, Fernando -------- Original Message -------- From: internet-dra...@ietf.org To: Will Liu <liushuch...@huawei.com>, "Shucheng LIU (Will)" <liushuch...@huawei.com>, Fernando Gont <fg...@si6networks.com>, "Fernando Gont" <fg...@si6networks.com>, Marco Ermini <marco.erm...@resmed.com>, "Marco Ermini" <marco.erm...@resmed.com> Subject: New Version Notification for draft-gont-opsec-ipv6-firewall-reqs-00.txt Date: Fri, 14 Feb 2014 16:00:33 -0800 A new version of I-D, draft-gont-opsec-ipv6-firewall-reqs-00.txt has been successfully submitted by Fernando Gont and posted to the IETF repository. Name: draft-gont-opsec-ipv6-firewall-reqs Revision: 00 Title: Requirements for IPv6 Firewalls Document date: 2014-02-15 Group: Individual Submission Pages: 12 URL: http://www.ietf.org/internet-drafts/draft-gont-opsec-ipv6-firewall-reqs-00.txt Status: https://datatracker.ietf.org/doc/draft-gont-opsec-ipv6-firewall-reqs/ Htmlized: http://tools.ietf.org/html/draft-gont-opsec-ipv6-firewall-reqs-00 Abstract: While there are a large number of documents discussing IP and IPv6 packet filtering, requirements for IPv6 firewalls have never been specified in the RFC series. When it comes to IPv6, the more limited experience with the protocols, and reduced variety of products has made it rather difficult to specify what are reasonable features to be expected from an IPv6 firewall. This has typically been a problem for network operators, who typically have to produce a "Request for Proposal" (from scratch) that describes such features. This document specifies a set of requirements for IPv6 firewalls, marked as "mandatory", "recommended", or "optional". Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1