Re: [v6ops] ITU-T SG17 IPv6 security work items liaison

Eliot Lear <lear@cisco.com> Mon, 06 June 2011 10:06 UTC

Message-ID: <4DECA68A.6080305@cisco.com>
Date: Mon, 06 Jun 2011 12:06:02 +0200
From: Eliot Lear <lear@cisco.com>
To: Arturo Servin <arturo.servin@gmail.com>
References: <4DEA6323.4070302@cs.tcd.ie> <20110605031045.GK88250@verdi> <B0462FE5-02E9-4CDD-B16B-F63198AEE3C5@gmail.com>
In-Reply-To: <B0462FE5-02E9-4CDD-B16B-F63198AEE3C5@gmail.com>
Cc: IPv6 Operations <v6ops@ietf.org>, ipv6@ietf.org, saag@ietf.org, "Turner, Sean P." <turners@ieca.com>, John Leslie <john@jlc.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [v6ops] ITU-T SG17 IPv6 security work items liaison

Arturo,

On 6/5/11 10:30 PM, Arturo Servin wrote:
> I do not see why the ITU has to start from zero. There are several (or some at least) very good RFCs and I+D documents related to IPv6 security. I think we should recommend them to ITU, it is good that they let us know, it would be better if they use our work as a foundation.


There are several specific areas of interest that you can view at
https://datatracker.ietf.org/documents/LIAISON/file1228.pdf.  The
chairman and vice-chairman of the ITU's security area, SG17, are
informing us that two of their working groups, which the ITU-T calls
Questions, will be taking on new work relating to IPv6.

Let's review the two work items:

The first thing to note is that X.ipv6-secguide is targeted to be a
deployment guide.  We need more of these for IPv6 and we should welcome
the ITU-T's involvement.

The second document, X.mgv6, is meant to be "management guidelines for
implementation of IPv6".  We provide a fair amount of this sort of
guidance in our collective works.  Also, the difference between
implementation guidance and normative statements can be very narrow. 
Therefore, this is the area most likely to have overlap.  The best way
to address that overlap is to communicate effectively through the
liaison process, and perhaps to also participate directly in the
meetings, when possible.

Here the chairman and vice-chairman of SG17 have recognized that the
IETF is an important player in the work to be done.  While no response
has been requested, it would be wise for us to provide the relevant
related work so, as you say, the ITU-T doesn't attempt to start from
scratch.  I hasten to point out that they are by no means starting from
scratch, but we should still provide them relevant guidance.  So what is
relevant guidance?  That can take several different forms:

   1. Direct participation in the Study Group meetings.  Study Group
      meetings are open to Member States and Sector Members.  ISOC is a
      Sector Member.  The IETF on its own is not.
   2. Concise and relevant liaison statements.  As this work is just
      beginning, we can point to not only the published RFCs that are
      relevant, and they include not only RFC 4294 and
      draft-ietf-6man-node-req-bis (and we can reference this as a work
      in progress, and in fact invite comment), but also relevant
      portions of other RFCs, particularly their relevant Security
      Considerations sections.
   3. Informal consultations with ITU-T participants.  Believe it or
      not, this is often the most effective way to contribute.

At the same time we should invite SG17 to provide us any feedback on our
works, especially when they discover any of the following:

    * A security problem;
    * An obstacle to deployment; or
    * An interoperability problem.

While this solicitation should not be limited to the ITU-T, that
organization has a reach into the developing world that quite frankly we
do not, and they may spot issues that relate to certain environments.

Hope this helps,

Eliot