Re: [v6ops] ITU-T SG17 IPv6 security work items liaison
Eliot Lear <lear@cisco.com> Mon, 06 June 2011 10:06 UTC
Return-Path: <lear@cisco.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D2A911E80F0; Mon, 6 Jun 2011 03:06:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.598
X-Spam-Level:
X-Spam-Status: No, score=-110.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IQUBFjuXwGao; Mon, 6 Jun 2011 03:06:37 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by ietfa.amsl.com (Postfix) with ESMTP id 54F0711E808C; Mon, 6 Jun 2011 03:06:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=lear@cisco.com; l=7439; q=dns/txt; s=iport; t=1307354797; x=1308564397; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to; bh=1uYQGLju7XRr6KKlj3vz0+0SQKDvRvj2ZAbOgZXNl/s=; b=GahtMpq8ogb0webfuD430Y2xoxLU/tlN5idcn4rBommQvea4m5s4Fnkw 70GfGyb3RIcYM1SRs/SJgqzLv7tb38a+9s+OMuga/O0qaNYdYgXFCh21H HDTmwv17WklLiSdrGN3StGg53spGmknl9efnmHMKDLUPKnirG9zy91x3X w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EALul7E1Io8UQ/2dsb2JhbABThEqhcHetV40JkBmFF4EKBJB5jzw
X-IronPort-AV: E=Sophos; i="4.65,325,1304294400"; d="scan'208,217"; a="92408112"
Received: from bgl-core-1.cisco.com ([72.163.197.16]) by ams-iport-1.cisco.com with ESMTP; 06 Jun 2011 10:06:05 +0000
Received: from dhcp-10-55-89-175.cisco.com (dhcp-10-55-89-175.cisco.com [10.55.89.175]) by bgl-core-1.cisco.com (8.14.3/8.14.3) with ESMTP id p56A62MF020755; Mon, 6 Jun 2011 10:06:02 GMT
Message-ID: <4DECA68A.6080305@cisco.com>
Date: Mon, 06 Jun 2011 12:06:02 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Arturo Servin <arturo.servin@gmail.com>
References: <4DEA6323.4070302@cs.tcd.ie> <20110605031045.GK88250@verdi> <B0462FE5-02E9-4CDD-B16B-F63198AEE3C5@gmail.com>
In-Reply-To: <B0462FE5-02E9-4CDD-B16B-F63198AEE3C5@gmail.com>
X-Enigmail-Version: 1.1.1
Content-Type: multipart/alternative; boundary="------------070307020309060605080903"
X-Mailman-Approved-At: Mon, 06 Jun 2011 03:10:35 -0700
Cc: IPv6 Operations <v6ops@ietf.org>, ipv6@ietf.org, saag@ietf.org, "Turner, Sean P." <turners@ieca.com>, John Leslie <john@jlc.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [v6ops] ITU-T SG17 IPv6 security work items liaison
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jun 2011 10:06:38 -0000
Arturo, On 6/5/11 10:30 PM, Arturo Servin wrote: > I do not see why the ITU has to start from zero. There are several (or some at least) very good RFC and I+D documents related to IPv6 security. I think we should recommend them to ITU, it is good that they let us know, it would be better if they use our work as a foundation. There are several specific areas of interest that you can view at https://datatracker.ietf.org/documents/LIAISON/file1228.pdf. The chairman and vice-chairman of the ITU's security area, SG17, are informing us that two of their working groups which the ITU-T calls Questions will be taking on new work relating to IPv6. Let's review the two work items: The first thing to note is that X.ipv6-secguide is targeted to be a deployment guide. We need more of these for IPv6 and we should welcome the ITU-T's involvement. The second document, X.mgv6 is meant to be "management guidelines for implementation of IPv6". We provide a fair amount of this sort of guidance in our collective works. Also, the difference between implementation guidance and normative statements can be very narrow. Therefore, this is the area most likely to have overlap. The best way to address that overlap is to communicate effectively through the liaison process, and perhaps to also participate directly in the meetings, when possible. Here the chairman and vice-chairman of SG17 have recognized that the IETF is an important player in the work to be done. While no response has been requested, it would be wise for us to provide the relevant related work so, as you say, the ITU-T doesn't attempt to start from scratch. I hasten to point out that they are by no means starting from scratch, but we should still provide them relevant guidance. So what is relevant guidance? That can take several different forms: 1. Direct participation in the Study Group meetings. Study Group meetings are open to Member States and Sector Members. ISOC is a Sector Member. The IETF on its own is not. 2. Concise and relevant liaison statements. As this work is just beginning, we can point to not only the published RFCs that are relevant, and they include not only RFC 4294 and draft-ietf-6man-node-req-bis (and we can reference this as a work in progress, and in fact invite comment), but also relevant portions of other RFCs, particular their relevant Security Considerations sections. 3. Informal consultations with ITU-T participants. Believe it or not, this is often the most effective way to contribute. At the same time we should invite SG17 to provide us any feedback on our works, especially when they discover any of the following: * A security problem; * An obstacle to deployment; or * An interoperability problem. While this solicitation should not be limited to the ITU-T, that organization has a reach into the developing world that quite frankly we do not, and they may spot issues that relate to certain environments. Hope this helps, Eliot
- [v6ops] ITU-T SG17 IPv6 security work items liais… Stephen Farrell
- Re: [v6ops] ITU-T SG17 IPv6 security work items l… John Leslie
- Re: [v6ops] ITU-T SG17 IPv6 security work items l… Fred Baker
- Re: [v6ops] ITU-T SG17 IPv6 security work items l… Tina Tsou
- Re: [v6ops] ITU-T SG17 IPv6 security work items l… Fred Baker
- Re: [v6ops] ITU-T SG17 IPv6 security work items l… Arturo Servin
- Re: [v6ops] ITU-T SG17 IPv6 security work items l… Eliot Lear
- Re: [v6ops] ITU-T SG17 IPv6 security work items l… Stephen Farrell
- Re: [v6ops] ITU-T SG17 IPv6 security work items l… Williams, Marcus (Contractor)
- Re: [v6ops] ITU-T SG17 IPv6 security work items l… Fernando Gont
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Stephen Farrell
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Stephen Farrell
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Russ Housley
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Bob Hinden
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Stephen Farrell
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Nick Hilliard
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Stephen Farrell
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Suresh Krishnan
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Joe Touch
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Stephen Farrell
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Joe Touch
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Fred Baker
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Stephen Farrell
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Tim Chown
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Eliot Lear
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … t.petch
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Eliot Lear
- Re: [v6ops] [saag] ITU-T SG17 IPv6 security work … Joe Touch