Re: [v6ops] ITU-T SG17 IPv6 security work items liaison

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 06 June 2011 11:41 UTC

To: Arturo Servin <arturo.servin@gmail.com>
Cc: IPv6 Operations <v6ops@ietf.org>, ipv6@ietf.org, Eliot Lear <lear@cisco.com>, saag@ietf.org, "Turner, Sean P." <turners@ieca.com>, John Leslie <john@jlc.net>

On 05/06/11 21:30, Arturo Servin wrote:
> 
> 	I do not see why the ITU has to start from zero. 

What Eliot said.

> There are several (or some at least) very good RFC and I+D documents related to IPv6 security. 

Sure. Feel free to send RFC numbers and we'll include
some in the draft response that we'll circulate in a
while. (So no need to spam everyone with those, just
sending your suggestions to Eliot, Sean and I will be
enough.)

Thanks,
S.



> I think we should recommend them to ITU, it is good that they let us know, it would be better if they use our work as a foundation.
> 
> just my 20 cents
> -as
> 
> 
> On 5 Jun 2011, at 00:10, John Leslie wrote:
> 
>> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>>
>>> We received a liaison [1] from ITU-T saying they're
>>> planning to start a couple of work items on the
>>> security of IPv6. As far as we know, they envisage
>>> developing a "technical guideline on deploying IPv6"
>>> and "Security Management Guideline for implementation
>>> of IPv6 environment in telecommunications
>>> organizations." Bear in mind that they're just starting
>>> so they know about as much as we would just before a
>>> BoF or something like that.
>>>
>>> I think we'd like to respond to them that that's great,
>>> and we'll be interested in their results, but can they
>>> *please* come back to us before saying something should
>>> be changed so's we can talk about it.
>>
>>   I don't think that's quite right. We should welcome their studying
>> security issues; but I think we need to _strongly_ encourage them to
>> start from draft-ietf-6man-node-req-bis when it becomes an RFC -- since
>> it has _significant_ changes from RFC 4294 (and an ITU-T study based
>> on RFC4294 will be of rather limited value).
>>
>>   Furthermore, ITU-T should NOT propose "changes" to IPv6 protocol
>> or the Node Requirements. The language there should talk of documenting
>> security "concerns" or "issues" or whatever term seems neutral enough;
>> and list as the next step exchanging ideas of what "changes" might help.
>>
>>   Clearly, ITU-T is entirely justified in publishing recommendations
>> of what level of security-related-trust to place in IPv6 packet
>> forwarding: but any protocol _changes_ are outside their bailiwick.
>>
>>   (As an aside, IETF should resist most proposals for change until
>> IPv6 sees widespread deployment -- deploying to a moving target is
>> just TOO risky.)
>>
>> --
>> John Leslie <john@jlc.net>
>