[Homesec-dt] IPv6 Advanced Security...

Mark Townsley <mark@townsley.net> Tue, 16 March 2010 14:24 UTC

Return-Path: <mark@townsley.net>
X-Original-To: homesec-dt@core3.amsl.com
Delivered-To: homesec-dt@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 6D6A23A6768 for <homesec-dt@core3.amsl.com>; Tue, 16 Mar 2010 07:24:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.524
X-Spam-Level: ***
X-Spam-Status: No, score=3.524 tagged_above=-999 required=5 tests=[BAYES_50=0.001, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6, MANGLED_TOOL=2.3]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id 8gjBYM-wtXfi for <homesec-dt@core3.amsl.com>; Tue, 16 Mar 2010 07:24:08 -0700 (PDT)
Received: from mail-gw0-f44.google.com (mail-gw0-f44.google.com []) by core3.amsl.com (Postfix) with ESMTP id 248DC3A6940 for <homesec-dt@ietf.org>; Tue, 16 Mar 2010 07:24:01 -0700 (PDT)
Received: by gwj18 with SMTP id 18so1881911gwj.31 for <homesec-dt@ietf.org>; Tue, 16 Mar 2010 07:24:07 -0700 (PDT)
MIME-Version: 1.0
Received: by with SMTP id q19mr6689agp.32.1268749447429; Tue, 16 Mar 2010 07:24:07 -0700 (PDT)
Date: Tue, 16 Mar 2010 15:24:07 +0100
Message-ID: <da57d4211003160724o54b19210p440cb62df958dae6@mail.gmail.com>
From: Mark Townsley <mark@townsley.net>
To: homesec-dt@ietf.org
Content-Type: multipart/alternative; boundary=001485f773901f7ec10481ebc0c3
Subject: [Homesec-dt] IPv6 Advanced Security...
X-BeenThere: homesec-dt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: 'Advanced' Home Gateway Security Design Team List <homesec-dt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/homesec-dt>, <mailto:homesec-dt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homesec-dt>
List-Post: <mailto:homesec-dt@ietf.org>
List-Help: <mailto:homesec-dt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homesec-dt>, <mailto:homesec-dt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Mar 2010 14:24:09 -0000

"Homesec DT" members,

First, an apology. I created this list months ago with the intention of
kicking off discussion. This list contains the people who raised their hand
at the Hiroshima meeting and/or sent me email volunteering time to
participate in the advancement of the idea Eric V. and I presented at the
v6ops meeting there.

I subsequently dropped the ball. I have a long list of reasons/excuses,
personal and professional, as to why this is the case (not the least of
which is my new 2-week old daughter!), but this doesn't discount the fact
that I've left people hanging.

So, where are we?

First, Eric updated draft-vyncke-advanced-ipv6-security to -01, with minor
additions/modifications based on direct feedback and review. No major
overhaul though. The idea is still basically the same as presented in
Hiroshima, and the draft is certainly subject to more work before it is
ready for prime time. I will not be in Anaheim next week (I am still on
paternity leave, and the actual due date for the baby was yesterday). I'm
not sure if Eric will be presenting in v6ops.

I remember list & jabber discussion about taking some of the ideas in the
advanced-security document and bringing them into simple-security. In
particular, "Rule #7, ParanoidOpeness"- I'd like to see that at least be
discussed seriously before simple-security advances. Time is probably of the
essence here. If you think this is a good idea, feel free to grab on to it
and try to make it happen.

I still get the impression that there is a lot of interest around this idea,
and when I speak to people about it, initial skepticism almost inevitably
makes its way into some form of interest.

As for steps forward... we can do a number of things here. Perhaps a first
step is for some of you that will be in the same city next week to chat
about this. If there are any good ideas, I'll be happy to setup a webex
after you all return home for us to brainstorm about next steps. What I
would like to get an idea of is:

- The basic architecture of IPv6 advanced security (I think a good start are
the slides I used in Hiroshima)
- The areas that could use operational description (e.g., within the scope
of v6ops)
- The areas that could use functional definition (a start is in
- The interfaces that could use protocol standardization (we've talked and
hand-waived a bit about this)

If we can nail this down, we'll know better what could/should be done in the
IETF. Also, it could be input to the "homegate" interim meeting in April, if
we get our act together before then.

Finally, this email list is composed of just the "design team" volunteers
that agreed to help in Hiroshima. We can operate like this for a bit, but
soon (if not immediately) we'll need to move this to an open discussion. I'd
like to get an idea of where, and with what goal, first though, as we don't
want to create a list and invite people to it without knowing what the
discussion there is designed to achieve.

Again, sorry for not marching forth with a battle plan right after
Hiroshima. Hopefully we didn't lose too much time here. See you on email
while you are in California!

- Mark