[Homesec-dt] IPv6 Advanced Security...

[Mark Townsley <mark@townsley.net>]

"Homesec DT" members,

First, an apology. I created this list months ago with the intention of
kicking off discussion. This list contains the people who raised their hand
at the Hiroshima meeting and/or sent me email volunteering time to
participate in the advancement of the idea Eric V. and I presented at the
v6ops meeting there.

I subsequently dropped the ball. I have a long list of reasons/excuses,
personal and professional, as to why this is the case (not the least of
which is my new 2-week old daughter!), but this doesn't discount the fact
that I've left people hanging.

So, where are we?

First, Eric updated draft-vyncke-advanced-ipv6-security to -01, with minor
additions/modifications based on direct feedback and review. No major
overhaul though. The idea is still basically the same as presented in
Hiroshima, and the draft is certainly subject to more work before it is
ready for prime time. I will not be in Anaheim next week (I am still on
paternity leave, and the actual due date for the baby was yesterday). I'm
not sure if Eric will be presenting in v6ops.

I remember list & jabber discussion about taking some of the ideas in the
advanced-security document and bringing them into simple-security. In
particular, "Rule #7, ParanoidOpeness"- I'd like to see that at least be
discussed seriously before simple-security advances. Time is probably of the
essence here. If you think this is a good idea, feel free to grab on to it
and try to make it happen.

I still get the impression that there is a lot of interest around this idea,
and when I speak to people about it, initial skepticism almost inevitably
makes its way into some form of interest.

As for steps forward... we can do a number of things here. Perhaps a first
step is for some of you that will be in the same city next week to chat
about this. If there are any good ideas, I'll be happy to setup a webex
after you all return home for us to brainstorm about next steps. What I
would like to get an idea of is:

- The basic architecture of IPv6 advanced security (I think a good start are
the slides I used in Hiroshima)
- The areas that could use operational description (e.g., within the scope
of v6ops)
- The areas that could use functional definition (a start is in
draft-vyncke)
- The interfaces that could use protocol standardization (we've talked and
hand-waived a bit about this)

If we can nail this down, we'll know better what could/should be done in the
IETF. Also, it could be input to the "homegate" interim meeting in April, if
we get our act together before then.

Finally, this email list is composed of just the "design team" volunteers
that agreed to help in Hiroshima. We can operate like this for a bit, but
soon (if not immediately) we'll need to move this to an open discussion. I'd
like to get an idea of where, and with what goal, first though, as we don't
want to create a list and invite people to it without knowing what the
discussion there is designed to achieve.

Again, sorry for not marching forth with a battle plan right after
Hiroshima. Hopefully we didn't lose too much time here. See you on email
while you are in California!

- Mark